Protect your mail server from ylmf-pc bruteforce

June 26, 2015

If your mail server has been getting regular brute-force attempts from different IPs that all send the command EHLO ylmf-pc, they can be blocked, and it is easy to do with the Exim mail server on cPanel.

1) Create a file with a list of the HELOs that you want to block. For example, create and edit /etc/heloblocks

2) Go to WHM > Exim Configuration Manager > Advanced Editor.

3) Scroll down until you find “acl_smtp_helo”

4) Below that, you will find a box titled “custom_begin_smtp_helo”. In that box, paste the following code:
Code:

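# Drop the connection when the HELO/EHLO name is a key in /etc/heloblocks
drop
  condition = ${lookup{$sender_helo_name}lsearch{/etc/heloblocks}{yes}{no}}
  log_message = HELO/EHLO - HELO on heloblocks Blocklist
  message = HELO is on our blocklist
# Any other HELO/EHLO name is accepted
accept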

Check your exim_mainlog; you will see a similar result when you telnet to the server and send HELO ylmf-pc.
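One way to confirm from exim_mainlog that the block is in effect, as an added example that is not part of the original post: it reads a blocklist in the one-key-per-line layout that lsearch searches, counts drops per source IP, and lists blocklisted HELO names that still reached authentication. The log lines, addresses and function names are constructed for illustration; the log line layout is an assumption about how Exim records these events.

```python
import re
from collections import Counter

# Constructed blocklist in the lsearch layout: one HELO name (the key) per line.
HELOBLOCKS = "# HELO names to drop\nylmf-pc\n"

# Constructed sample lines in the style of exim_mainlog (not real traffic;
# the addresses come from documentation ranges).
SAMPLE_LOG = """\
2015-06-26 10:01:02 H=(ylmf-pc) [192.0.2.10]:4312 rejected EHLO or HELO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
2015-06-26 10:01:09 H=(ylmf-pc) [198.51.100.7]:51122 rejected EHLO or HELO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
2015-06-26 10:02:30 H=(ylmf-pc) [192.0.2.10]:4377 rejected EHLO or HELO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
2015-06-26 10:04:11 dovecot_login authenticator failed for (ylmf-pc) [203.0.113.9]:2211: 535 Incorrect authentication data (set_id=info)
2015-06-26 10:05:40 dovecot_login authenticator failed for (mail.example.org) [203.0.113.5]:4000: 535 Incorrect authentication data (set_id=bob)
"""

LOG_MESSAGE = "HELO/EHLO - HELO on heloblocks Blocklist"  # log_message from the ACL
HOST = re.compile(r"\((?P<helo>[^)]+)\) \[(?P<ip>[0-9a-fA-F.:]+)\]")

def load_keys(text):
    """Return lsearch keys: first token of each non-blank, non-comment line."""
    keys = set()
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        keys.add(re.split(r"[\s:]", line, maxsplit=1)[0].lower())
    return keys

def summarize(log_text, keys):
    """Count ACL drops per IP and collect blocklisted HELOs that got further."""
    dropped, missed = Counter(), []
    for line in log_text.splitlines():
        m = HOST.search(line)
        if not m or m.group("helo").lower() not in keys:
            continue
        if LOG_MESSAGE in line:
            dropped[m.group("ip")] += 1
        elif "authenticator failed" in line:
            missed.append(m.group("ip"))  # reached AUTH: ACL not in effect
    return dropped, missed

if __name__ == "__main__":
    dropped, missed = summarize(SAMPLE_LOG, load_keys(HELOBLOCKS))
    for ip, n in dropped.most_common():
        print(f"{ip}\t{n} dropped at HELO")
    for ip in missed:
        print(f"{ip}\tblocklisted HELO reached AUTH")
```

An address in the second list after the ACL has been saved means the drop rule is not being applied to that connection path.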

 

martin
