> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Michael Sprague > Sent: Monday, June 27, 2005 2:19 PM > To: [email protected] > Subject: Re: [exim] exim allowed someone to slam my mail > server for 3 hours > > [EMAIL PROTECTED] wrote: > > What happened here? I thought Exim is supposed to > > > > 2005-06-26 07:25:44 H=(buzz) [200.101.127.102] > > F=<[EMAIL PROTECTED]> rejected RCPT > <[EMAIL PROTECTED]>: > > host 200.101.127.102 is listed in brazil.blackholes.us > > 2005-06-26 07:25:46 H=(buzz) [200.101.127.102] > > F=<[EMAIL PROTECTED]> rejected RCPT > <[EMAIL PROTECTED]>: > > host 200.101.127.102 is listed in brazil.blackholes.us > > > > Sure. You can put something like this in your rcpt ACL: > > drop > condition = ${if > {${eval:$rcpt_fail_count}}{3}{true}{false}} > message = Too many failed recipients - count = > $rcpt_fail_count > > This will drop the connection after 3 bad rcpt to's are done.
Right but they can just disconnect and reconnect to work around that. I don't see any evidence that these thousands of failures were one single unbroken connection. How would you fix up Exim to handle someone doing real reconnects, a new session each time? -- Matt Sealey <[EMAIL PROTECTED]> Manager, Genesi, Developer Relations -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
