On Mon, 27 Jun 2005, Matt Sealey wrote:
I don't see any evidence that these thousands of failures were
one single unbroken connection.
It was just one connection. I see the following line in my logs only
once:
2005-06-26 07:25:32 SMTP connection from [200.101.127.102] (TCP/IP connection
count = 1)
There is no other "connection from" line from that IP.
How would you fix up Exim to handle someone doing real reconnects, a new
session each time?
Good question... But I don't think Exim can remember information between
connections, can it?
I do have measures in place using the Linux kernel, where I block someone
if they send lots of SYN packets. This helps prevent against someone
opening too many connections, someone slamming the system, and confuses
the portscanners. This user was not blocked, because they slammed the
server in just one connection.
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
