> At this time we are getting a tremendous amount of > connections from completely different ip-addresses that try > to send emails to recipients, that don't exist on our > mailserver. Greylisting wouldn't help, because these > worms/bots/whatever open several connections. I'm trying to > put all hosts that stand out into a block lists, but that > seems to be an infinite work. > > Has someone configured something like "block all hosts for x > minutes that try to send emails to more than y not existing > recipients" with exim? > Well, a starting point might be to have your acls insert the sender's IP address into a database table if $rcpt_fail_count goes over a certain value. You can then use that table to block those IP addresses. How you would remove them after a certain time is left as an exercise for the reader - but would probably involve inserting a timestamp along with the IP address and having a cron job or similar delete rows with a timestamp over a certain age. John
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
