Protect your mail server from ylmf-pc bruteforce
If your mail server has been getting regular brute-force attempts that announce themselves with the command EHLO ylmf-pc from many different IPs, they can be blocked, and it's easy to do with the Exim mail server on cPanel.
1) Create a file with a list of the HELOs that you want to block. For example, create and edit /etc/heloblocks
2) Go to WHM > Exim Configuration Manager > Advanced Editor.
3) Scroll down until you find “acl_smtp_helo”
4) Below that, you will find a box titled “custom_begin_smtp_helo”. In that box, paste the following code:
Code:
drop
  condition = ${lookup{$sender_helo_name}lsearch{/etc/heloblocks}{yes}{no}}
  log_message = HELO/EHLO - HELO on heloblocks Blocklist
  message = HELO is on our blocklist
accept
Check your exim_mainlog; you will see a similar result when you telnet to the server and send helo ylmf-pc.
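To see how often the rule fires and from where, the shell function below (an added example, not part of the original post) counts log entries carrying the rule's log_message, grouped by source IP and HELO name. The sample lines are constructed and their layout is an assumption about how Exim records a HELO-time rejection; the function names are hypothetical, and on a real server you would pass the path of your exim_mainlog instead.

```shell
#!/bin/sh
# Added example: summarise connections dropped by the heloblocks rule.

# Constructed sample log lines (assumed Exim rejection layout,
# documentation-range IP addresses).
write_sample_log() {
    cat > "$1" <<'EOF'
2024-05-01 10:00:01 H=(ylmf-pc) [192.0.2.10]:51234 rejected EHLO or HELO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
2024-05-01 10:00:05 H=(ylmf-pc) [192.0.2.10]:51240 rejected EHLO or HELO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
2024-05-01 10:00:09 H=(ylmf-pc) [192.0.2.10]:51251 rejected EHLO or HELO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
2024-05-01 10:01:12 H=host.example.net (ylmf-pc) [198.51.100.7]:40022 rejected EHLO or HELO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
2024-05-01 10:03:00 SMTP connection from [203.0.113.9]:44321 (TCP/IP connection count = 1)
EOF
}

# Print "count ip helo" for every rejection logged by the rule,
# busiest source first. $1 is the log file to read.
helo_block_summary() {
    # Keep only lines carrying the log_message set in the ACL.
    grep -F 'HELO on heloblocks Blocklist' "$1" |
    # Pull out the HELO name in (...) and the address in [...].
    sed -n 's/.*[ =](\([^)]*\)) \[\([^]]*\)\].*/\2 \1/p' |
    sort | uniq -c |
    # Normalise the padding uniq adds, then order by count and IP.
    awk '{print $1, $2, $3}' |
    sort -k1,1nr -k2,2
}

# Stand-alone run against the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
helo_block_summary "$sample"
rm -f "$sample"
```

A source that keeps appearing at the top of this summary is a candidate for blocking at the firewall rather than at HELO time.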