[exim] Use of delays

W B Hacker Thu, 02 Nov 2006 12:42:35 -0800

This is not a recommendation, will not work for everyone, requires plentiful
machine resources, etc. ... disclaimer(n)


Caveats done, FWIW, which may be nothing at all..

.... here is an example of an 'instrumented' R&D server (verbose logging)
disposing  of a parasite by simply outwaiting it:

========================================================================
2006-11-03 04:12:52 SMTP connection from [59.117.247.20]:1244
I=[203.194.153.83]:25 (TCP/IP connection count = 1)

2006-11-03 04:13:24 H=59-117-247-20.dynamic.hinet.net [59.117.247.20]:1244
I=[203.194.153.83]:25 Warning: C6 59.117.247.20 59-117-247-20.dynamic.hinet.net
Source hostname Blacklisted Hits = 1 Jailed! 32 seconds!

2006-11-03 04:13:56 H=59-117-247-20.dynamic.hinet.net [59.117.247.20]:1244
I=[203.194.153.83]:25 Warning: C7 59.117.247.20 59-117-247-20.dynamic.hinet.net
Source Name Brownlisted - Jailed! 32 seconds!

2006-11-03 04:14:28 H=59-117-247-20.dynamic.hinet.net [59.117.247.20]:1244
I=[203.194.153.83]:25 Warning: C8 Sender 59.117.247.20
59-117-247-20.dynamic.hinet.net in dynamic-IP Blacklist Hits = 1 Jailed! 32 
seconds!

2006-11-03 04:15:01 H=59-117-247-20.dynamic.hinet.net [59.117.247.20]:1244
I=[203.194.153.83]:25 Warning: C9 59.117.247.20 59-117-247-20.dynamic.hinet.net
Blacklisted in (sbl-xbl.spamhaus.org) Hits = 2 Jailed! 32 seconds!

2006-11-03 04:15:01 SMTP connection from 59-117-247-20.dynamic.hinet.net
[59.117.247.20]:1244 I=[203.194.153.83]:25 lost

==========================================================================

The parasite, which has a valid-but-useless PTR record, BTW, despite being a
dynamic-IP adsl service, could have been nailed on any one of, or combination
of, of the four faults in acl_smtp_connect alone (C6, C7, C8, C9 are acl
clauses), Black and Brown lists are local lookups, and very short lists.

This caller never entered the 'full' acl_smtp_helo phase, and our server was
never called upon to even give an online acl_smtp_connect rejection message.

It gave up and left of its own accord at T+ 2 minutes  9 seconds after arrival.

Many will not wait even 64 seconds, and some give up even sooner.

No panacea, just one more road to the gulag for the spambots.

YMMV,

Bill


-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

[exim] Use of delays

Reply via email to