Greetings...
Can anyone who is experiencing or has experienced this comment on it and share your experience? Over the last few weeks our mail servers have been getting mail bombed with large amounts of email to random (non-existent) addresses at some of the domains we host. I am not referring to alphabet login attacks... these are just attempts to send email to random addresses.
There is no problem rejecting the emails (Sender verification, some TLD rejections etc.)... but I'm curious whether others are experiencing this recently? Has this practice suddenly increased, or have we just been included?
I'm also open to suggestions on how to best relieve our mail servers of some of the pressure of having to deal with all these rejections. The sending mail server IPs are all over the place... Russia, China, Bolivia, India, US... so compromised mail servers from around the globe... no sense even trying to add IPs to a block list. Possibly a use of AI... don't know.
I've experimentally set some of our mail servers to only receive email from Canada, US (and a few countries that process email over in Europe for Microsoft etc.) by using the "Filter Incoming Emails By Country" in WHM>Email to see how that works.
The filter incoming emails by domain works (*.ru for example), but the server mail log still lists all of these... whereas using the country rejection prevents them from even arriving apparently as there is no record of them in the logs at all.
I'm not sure why "Exim Configuration Manager>ACL Options>Dictionary attack protection" does not stop the incoming after 4 failed recipients... I thought that it would. There are usually about 100 attempts before they move to another domain.
So any advice, suggestions or sharing of current or past experiences welcomed.
Thanks