
Archive | Exim

Mitigate Exim Random Data DDOS

I used the following to mitigate a denial-of-service attack against a customer on cPanel with Exim. The attack consists of connections to port 25 that send binary garbage rather than speaking SMTP. This fills the Exim logs with binary junk and otherwise wastes resources.

This is taken from http://forums.cpanel.net/f185/sustained-exim-attack-syntax-errors-mitigation-measures-338792.html.

1) Add the following lines in the middle of /etc/csf/regex.custom.pm:

Some variation may be needed, depending on the exact format of the log entries. See the notes in the source URL above for more details on that.

2) Modify /etc/csf/csf.conf and change these settings:


3) Apply the changes:


4) Activity can be monitored with this command:
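
As an added example (not part of the original post or the forum thread it cites), this Python script counts the syntax-error log lines per source IP, which is a quick way to check match patterns against your own log before putting a rule into regex.custom.pm. The sample log lines are constructed and their layout is an assumption; the function name `offenders` and the threshold are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines modelled on Exim main-log entries. Real layouts vary
# with Exim's logging options, so treat the patterns below as assumptions.
SAMPLE_LOG = r'''
2013-04-20 10:15:01 SMTP syntax error in "\026\003\001\000\245" H=[203.0.113.7]:51544 unrecognized command
2013-04-20 10:15:01 SMTP syntax error in "\367\214\033" H=[203.0.113.7]:51544 unrecognized command
2013-04-20 10:15:02 SMTP call from [203.0.113.7]:51544 dropped: too many syntax or protocol errors (last command was "\233\001")
2013-04-20 10:15:04 SMTP syntax error in "HELO" H=(client.example) [198.51.100.9]:40112 HELO requires an argument
2013-04-20 10:15:09 1UTabc-0001Xy-2k <= alice@example.com H=(mail.example.org) [192.0.2.25]:33010 P=esmtp S=1532
2013-04-20 10:15:11 SMTP syntax error in "\004\001\000\031" H=[203.0.113.7]:51602 unrecognized command
2013-04-20 10:15:12 SMTP syntax error in "x" H=[192.0.2.50] y" H=[203.0.113.7]:51602 unrecognized command
'''

IPV4 = r'(\d{1,3}(?:\.\d{1,3}){3})'
# The ".*" is deliberately greedy: the quoted command is client-supplied text,
# so the match must bind to the last H= field, the one Exim itself appended.
PATTERNS = [
    re.compile(r'^\S+ \S+ SMTP syntax error in ".*" H=(?:\([^)]*\) )?\[' + IPV4 + r'\]'),
    re.compile(r'^\S+ \S+ SMTP call from \[' + IPV4 + r'\]\S* dropped: too many syntax or protocol errors'),
]

def offenders(log_text, threshold=3):
    """Return {ip: hits} for sources with at least `threshold` matching lines."""
    hits = Counter()
    for line in log_text.splitlines():
        for pat in PATTERNS:
            m = pat.match(line)
            if m:
                hits[m.group(1)] += 1
                break  # count each log line once
    return {ip: n for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in sorted(offenders(SAMPLE_LOG).items()):
        print(f"{ip}\t{n} syntax/protocol error lines")
```

The last sample line shows why the source address is taken from the final H= field: the quoted command text is whatever the client sent and must not be trusted to identify the sender.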

Exim Mail Queue Cleanup

How to remove all messages in an Exim queue (on a cPanel server, for example) from or to a specific user:

  1. SSH into the server as root
  2. To delete all from a specific address:
  3. To delete all to a specific address:

Other useful selection criteria (replace the “-f user@domain” or “-t user@domain” options):
-y Message younger than
-o Message older than
-z Frozen messages only (exclude non-frozen)
-x Non-frozen messages only (exclude frozen)
