
rejecting fake gmail

Posted: 09 Oct 2013, 23:36
by rsutc
An account on my machine is being bombed by thousands of messages to non-existent users with faked gmail "from" fields (and the faked gmail accounts are all different). These pile up in the undeliverable queue and so do gmail bounce messages. (Currently averaging 12K messages per day). I banned a handful of the sending IP addresses, but there are still many more coming.
I don't want to do a server wide ban on gmail (though I am tempted given the abuses they do permit and the fact that the bounces have gotten one of my IPs banned). Is there a place I can enter a rule that says

fail a message from a gmail account to a non-existent account on "theabusedDomain". There isn't an obvious setting in exim, and the MFE server bans are too broad for this. BTW, marking these messages as spam in MailScanner doesn't seem to help. None get a high enough score to be red listed or even pink listed.

Rick

Re: rejecting fake gmail

Posted: 14 Oct 2013, 19:25
by Sergio
Go to SEARCH SYSTEM LOGS and select EXIM_MAINLOG and search for a few of the offending errors and post them; maybe there will be helpful information in there about this.

Sergio

Re: rejecting fake gmail

Posted: 29 Oct 2013, 22:54
by rsutc
First, I apologize for forgetting I had posted this message, and essentially re-posting on the problem today. I thought the problem had been solved by instituting mandatory DKIM checks, but that only slowed the volume from tens of thousands to a few hundred. We are still getting blocked by gmail.

To answer the above:

Here is a section that seems relevant for the account being bombed:
2013-10-29 15:21:17 1VbHe1-00022u-Ku ** postmaster@andersson.ca R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host aspmx.l.google.com [173.194.79.27]: 550-5.7.1 [69.50.197.243 1] Our system has detected an unusual rate of\n550-5.7.1 unsolicited mail originating from your IP address. To protect our\n550-5.7.1 users from spam, mail sent from your IP address has been blocked.\n550-5.7.1 Please visit http://www.google.com/mail/help/bulk_mail.html to review\n550 5.7.1 our Bulk Email Senders Guidelines. cx4si15986346pbc.119 - gsmtp
2013-10-29 15:21:17 1VbHe1-00022u-Ku ** 2004@andersson.ca R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host aspmx.l.google.com [173.194.79.27]: 550-5.7.1 [69.50.197.243 1] Our system has detected an unusual rate of\n550-5.7.1 unsolicited mail originating from your IP address. To protect our\n550-5.7.1 users from spam, mail sent from your IP address has been blocked.\n550-5.7.1 Please visit http://www.google.com/mail/help/bulk_mail.html to review\n550 5.7.1 our Bulk Email Senders Guidelines. cx4si15986346pbc.119 - gsmtp
2013-10-29 15:21:17 cwd=/var/spool/exim 9 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -t -oem -oi -f <> -E1VbHe1-00022u-Ku
2013-10-29 15:21:17 1VbHf3-0002E5-EI spam acl condition: warning - spamd connection to 127.0.0.1, port 783 failed: Connection refused
2013-10-29 15:21:17 1VbHf3-0002E5-EI spam acl condition: all spamd servers failed
2013-10-29 15:21:17 1VbHf3-0002E5-EI U=mailnull Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as NOT spam ()"
2013-10-29 15:21:17 1VbHf3-0002E5-EI <= <> R=1VbHe1-00022u-Ku U=mailnull P=local S=3624 T="Mail delivery failed: returning message to sender" for rigging2@gmail.com
2013-10-29 15:21:17 cwd=/var/spool/exim 5 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1VbHf3-0002E5-EI
2013-10-29 15:21:17 1VbHe1-00022u-Ku Completed
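
Added example, not part of the posts above: a small Python sketch that measures this kind of backscatter from an Exim main log by pairing each locally generated bounce (`<= <>` with `R=<original id>`) with the failed deliveries (`**`) of the original message, then counting bounce destinations per domain. The sample lines are constructed in the same format as the log excerpt; the message ids, addresses and IPs in them are placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim main-log format (ids, addresses, IPs are placeholders).
SAMPLE_LOG = """\
2013-10-29 15:21:17 1AAAAA-000001-AA ** nouser@abused.example R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mx.example.net [192.0.2.10]: 550 5.7.1 blocked
2013-10-29 15:21:17 1AAAAB-000002-BB <= <> R=1AAAAA-000001-AA U=mailnull P=local S=3624 T="Mail delivery failed: returning message to sender" for forged1@gmail.com
2013-10-29 15:21:18 1AAAAA-000001-AA Completed
2013-10-29 15:22:01 1AAAAC-000003-CC ** ghost@abused.example R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mx.example.net [192.0.2.10]: 550 5.7.1 blocked
2013-10-29 15:22:01 1AAAAD-000004-DD <= <> R=1AAAAC-000003-CC U=mailnull P=local S=3700 T="Mail delivery failed: returning message to sender" for forged2@gmail.com
2013-10-29 15:23:40 1AAAAE-000005-EE <= user@abused.example H=client.example.org [198.51.100.7] P=esmtp S=900 for friend@example.org
"""

MSGID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
# "<id> ** <recipient> ... host name [ip]: <3-digit SMTP code>" = permanent delivery failure
FAIL = re.compile(rf"^\S+ \S+ ({MSGID}) \*\* (\S+) .*?\[([\d.]+)\]: (\d{{3}})")
# "<id> <= <> R=<original id> ... for <recipients>" = bounce generated for an earlier message
BOUNCE = re.compile(rf"^\S+ \S+ ({MSGID}) <= <> R=({MSGID}) .* for (.+)$")


def backscatter_report(log_text):
    """Correlate generated bounces with the failed deliveries that caused them."""
    failed = defaultdict(list)   # original id -> [(recipient, remote ip, SMTP code)]
    bounces = []                 # (original id, bounce id, bounce recipient)
    for line in log_text.splitlines():
        m = FAIL.match(line)
        if m:
            failed[m.group(1)].append(m.groups()[1:])
            continue
        m = BOUNCE.match(line)
        if m:
            bounce_id, orig_id, rcpts = m.groups()
            bounces.extend((orig_id, bounce_id, r) for r in rcpts.split())
    # Domains receiving our bounces: a forged sender domain dominates during backscatter.
    domains = Counter(r.rsplit("@", 1)[-1].lower() for _, _, r in bounces)
    return {"bounces": bounces, "bounce_domains": domains, "failed": dict(failed)}


if __name__ == "__main__":
    report = backscatter_report(SAMPLE_LOG)
    for domain, count in report["bounce_domains"].most_common():
        print(f"{count:6d} bounces sent to {domain}")
```

Run against the real log by passing its contents to `backscatter_report()`; a high bounce count for a single external domain shows how much mail is being accepted and then bounced instead of refused at SMTP time.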