[EMAIL PROTECTED] wrote:
What happened here? I thought Exim is supposed to disconnect people if they cause too many errors in their connection? Why did Exim allow the one host to make 38,000 requests in 3 hours within just 1 connection?

Here's what I see in my logs:

2005-06-26 07:25:32 SMTP connection from [200.101.127.102] (TCP/IP connection count = 1)
2005-06-26 07:25:34 H=(buzz) [200.101.127.102] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: host 200.101.127.102 is listed in brazil.blackholes.us
2005-06-26 07:25:40 H=(buzz) [200.101.127.102] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: host 200.101.127.102 is listed in brazil.blackholes.us
2005-06-26 07:25:44 H=(buzz) [200.101.127.102] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: host 200.101.127.102 is listed in brazil.blackholes.us
2005-06-26 07:25:46 H=(buzz) [200.101.127.102] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: host 200.101.127.102 is listed in brazil.blackholes.us

That message repeats thousands of times for 3 hours, then:
2005-06-26 10:36:28 SMTP syntax error in "SAIR" H=(buzz) [200.101.127.102] unrecognized command
2005-06-26 10:36:29 unexpected disconnection while reading SMTP command from (buzz) [200.101.127.102]

Isn't there a way to disconnect a host if they cause too many errors in the SMTP dialogue?


Sure.  You can put something like this in your rcpt ACL:

drop
  condition      = ${if > {${eval:$rcpt_fail_count}}{3}{true}{false}}
  message        = Too many failed recipients - count = $rcpt_fail_count

This will drop the connection after 3 bad rcpt to's are done.

M



--
Michael Sprague  | [EMAIL PROTECTED]
System and Network Engineering (SaNE), Inc
use STD::disclaimer;

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
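
An added example, not part of the original thread: a Python check that scans an Exim main log of the kind quoted in the question and reports hosts with more than 3 rejected RCPTs between two "SMTP connection from" lines, the pattern the drop rule in the reply is meant to cut short. The function name, the regexes and the sample lines (documentation addresses, `dnsbl.example`) are constructed for illustration; overlapping connections from one host are not told apart.

```python
import re

# The remote address is the bracketed IP that directly precedes the next log field.
CONNECT = re.compile(r"^(\S+ \S+) SMTP connection from .*?\[([0-9A-Fa-f.:]+)\]")
REJECT = re.compile(r"^(\S+ \S+) .*?\[([0-9A-Fa-f.:]+)\](?::\d+)?"
                    r"(?= [A-Za-z]+=| rejected).* rejected RCPT ")

def rcpt_reject_runs(lines, threshold=3):
    """Map each host to (count, first_ts, last_ts) of its longest run of
    rejected RCPTs within one connection, keeping runs above threshold."""
    run, worst = {}, {}
    for line in lines:
        m = CONNECT.match(line)
        if m:
            run.pop(m.group(2), None)  # new connection from this host: restart its count
            continue
        m = REJECT.match(line)
        if not m:
            continue
        ts, ip = m.groups()
        cur = run.setdefault(ip, [0, ts, ts])
        cur[0] += 1
        cur[2] = ts
        if ip not in worst or cur[0] > worst[ip][0]:
            worst[ip] = tuple(cur)
    return {ip: r for ip, r in worst.items() if r[0] > threshold}

# Constructed sample in the log format shown in the question (all values are placeholders).
SAMPLE_LOG = """\
2005-06-26 07:25:32 SMTP connection from [192.0.2.10] (TCP/IP connection count = 1)
2005-06-26 07:25:34 H=(buzz) [192.0.2.10] F=<s@example.org> rejected RCPT <u1@example.com>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:25:40 H=(buzz) [192.0.2.10] F=<s@example.org> rejected RCPT <u2@example.com>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:25:44 H=(buzz) [192.0.2.10] F=<s@example.org> rejected RCPT <u3@example.com>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:25:46 H=(buzz) [192.0.2.10] F=<s@example.org> rejected RCPT <u4@example.com>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:25:47 H=(buzz) [192.0.2.10] F=<s@example.org> rejected RCPT <u5@example.com>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:26:00 SMTP connection from [198.51.100.7] (TCP/IP connection count = 2)
2005-06-26 07:26:02 H=(mail) [198.51.100.7] F=<x@example.net> rejected RCPT <n1@example.com>: Unrouteable address
2005-06-26 07:26:03 H=(mail) [198.51.100.7] F=<x@example.net> rejected RCPT <n2@example.com>: Unrouteable address
2005-06-26 07:30:00 SMTP connection from [198.51.100.7] (TCP/IP connection count = 2)
2005-06-26 07:30:02 H=(mail) [198.51.100.7] F=<x@example.net> rejected RCPT <n3@example.com>: Unrouteable address
2005-06-26 07:30:03 H=(mail) [198.51.100.7] F=<x@example.net> rejected RCPT <n4@example.com>: Unrouteable address
"""

if __name__ == "__main__":
    for ip, (n, first, last) in rcpt_reject_runs(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} rejected RCPTs in one connection, {first} to {last}")
```

The second sample host totals four rejections but never more than two per connection, so it is not reported at the threshold of 3.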
