We are getting a huge SMTP attack from a number of IPs. I've gone ahead and created a DNAT rule that sends them to a blackhole address, but I'm not understanding why exim is still receiving the TCP connection, if I have everything set correctly. Shouldn't the NAT rule precede the proxy connection, according to the Rulz?
Do you have one external IP address, or additional external IP addresses as well? If there are more than the primary, please include the other external IPs in your DNAT rule.
Yeah, I put the entire subnet into the "Going to," so the NAT rule is picking it up on each IP.