For weeks I have seen constant spam attacks in the logs and in fail2ban I have activated exim-spam filter but it can’t stop it, what can I do? in the log every time they make the attack it will continue, it shows; Rejected because xxx.xx.xx.xx is in a black list at bl.spamcop.net

Yes, in /etc/fail2ban/filter.d/exim.conf file, add it to failregex firective: failregex = ^.*Rejected because <HOST> is in a black list at.*$ ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$ …

Stop spam attack with fail2ban

Community Support Firewall

culibine September 13, 2023, 8:12am 2

Wrong tool for job. Rate limit should be set on SMTP server. Here is relevant discussion: