Tony Godshall <[EMAIL PROTECTED]> writes:

> Hi folks.
>
> Symptom: tons of "Unroutable address" logs like this in 
> my /var/log/exim4/mainlog...
>
>   2005-11-22 12:34:53 H=adsl-63-195-120-242.dsl.snfc21.pacbell.net
>   (thesitefights.com) [63.195.120.242]
>   F=<[EMAIL PROTECTED]> rejected RCPT
>   <[EMAIL PROTECTED]>: Unrouteable address 
>
>   #reject for 40 seconds each time we get a smtp_penalty_box hit
>   iptables -A INPUT \
>     -m recent --name smtp_penalty_box --rcheck --seconds 40 \
>     -j DROP


We do something not entirely unlike this with an ACL. 

defer condition     = ${if and {{! def:acl_c2} \
                                {> {$rcpt_count} {5}} \
                                {< {$recipients_count} {${eval:$rcpt_count/2}}} \
                               } {yes} {no}}
      log_message   = Excessive invalid addresses
      delay         = 45s

The variable acl_c2 is set when the user is authenticated.

If you're starved for resources you might not want to do this since
you might be holding on to a lot of connections from spammers. We
haven't found this to be much of a problem, however, since I suspect
that a lot of spammers break the connection when they're not allowed
to send mail at the rate they want. 

I think this is a neat trick, but I can't take credit for it. Kjetil
Homme is the one that came up with it.

-- 
 Haakon Eriksen          [ [EMAIL PROTECTED] ]
 Center for Information Technology Services,
 University of Oslo

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
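
The ACL condition from the message above, modelled in Python as an added example (not part of the original message and not Exim code). It assumes the defer statement is evaluated before recipient verification in the RCPT ACL, so a deferred RCPT is never counted as accepted; `should_defer`, `simulate` and `SessionResult` are hypothetical names, and the sessions are constructed.

```python
from dataclasses import dataclass

RCPT_THRESHOLD = 5   # from the ACL: $rcpt_count must exceed 5
DELAY_SECONDS = 45   # from the ACL: delay = 45s


def should_defer(authenticated, rcpt_count, recipients_count):
    """Mirror of the ACL condition; the '/' in ${eval:} is integer division."""
    return (not authenticated                      # acl_c2 unset
            and rcpt_count > RCPT_THRESHOLD
            and recipients_count < rcpt_count // 2)


@dataclass
class SessionResult:
    accepted: int = 0
    rejected: int = 0
    deferred: int = 0
    first_defer_at: int = 0   # RCPT number of the first defer, 0 = never

    @property
    def seconds_held(self):
        # Time the server spends holding the connection open in delays.
        return self.deferred * DELAY_SECONDS


def simulate(rcpt_valid, authenticated=False):
    """rcpt_valid: one bool per RCPT command, True if the address routes.

    Assumption: the defer runs before recipient verification, so a
    deferred RCPT is never added to the accepted recipient count.
    """
    result = SessionResult()
    for rcpt_count, valid in enumerate(rcpt_valid, start=1):
        if should_defer(authenticated, rcpt_count, result.accepted):
            result.deferred += 1
            result.first_defer_at = result.first_defer_at or rcpt_count
        elif valid:
            result.accepted += 1
        else:
            result.rejected += 1
    return result


if __name__ == "__main__":
    # Constructed sessions: an address-guessing run and a normal list mailing.
    print(simulate([False] * 20))
    print(simulate([True] * 9 + [False] + [True] * 10))
```

Under the stated assumption, a session that crosses the threshold with too few accepted recipients stays deferred for every later RCPT, and `seconds_held` gives the per-connection cost behind the resource caveat in the message.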
