On 28/06/05, Tony Finch <[EMAIL PROTECTED]> wrote: > On Mon, 27 Jun 2005, Peter Bowyer wrote: > > > > My next enhancement is to count invalid recipients across connections > > from a single IP, and DNSBL the connecting IP once it reaches a > > threshold. > > You could use the ratelimit feature in 4.52 to do this.
I've looked at doc/NewStuff in the 4.52 snapshot, there's lots of good things there, and notably, lots contributed by developers other than 'PH' - which has to be healthy (meant in a constructive way, of course....). Thanks to all involved. If I were only dealing with a single server I can see how I could use the new ratelimit features, but my situation requires monitoring of client behaviour and application of controls across a group of geographically-separate servers. We've observed that dictionary spams are agile across all the MXs for a domain, presumably in an attempt to avoid tripping ratelimit-style controls, so we need to aggregate behaviour from a single client across all the MXs. I'm sure the ratelimit stuff can help do some of the detection work, though... I'll have a decent look at it. Peter -- Peter Bowyer Email: [EMAIL PROTECTED] Tel: +44 1296 768003 VoIP: sip:[EMAIL PROTECTED] -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
