I've downloaded the Exim snapshot using a new feature in rate limiting called noupdate. (Thanks to Graeme - you rock dude!) I hope to have something working by the end of today.
The noupdate feature allows you to read a count without updating the count. So one ACL can increment the counter and a different ACL can test it. One of the side effects of greylisting is that it generally delays email from people who are new. A lot of people consider this unacceptable. What I'm going to develop will not have that problem and will be as accurate at rejecting spam bots as other greylisting systems. I'm using a similar method right now and I get no spambot spam at all. I didn't even know what the new PDF spam was until I started forwarding automated abuse complaints and saw it then. But what I'm about to do will be all ACL based and in theory do an even better job. The solution will involve having 3 IP addresses (or more) your server(s). Generally normal servers will start at the lowest MX and quickly move up the list withing a second if it fails (QMail being an exception). The idea here is that if you touch the lowest MX IP first then it opens up the next higher MX IP address to accept the message. Touching the lowest MX will leave it open for an hour on the lowest MX so qmail senders can get back in. If someone hist the highest numbered MX then they are penalized for a period of time so that all mail froim them is deferred until the penalty period wears off. Generally real server will never hit the highest MX so only the spam bots will be up there. The idea behind this is that it requires the server be touched twice in the proper order to get in. Spam bots try once and not in the proper order. That's how the filter works. So - will the spammers adapt? Maybe. But that will have to do 2 connection attempts and spammers do like to have to work for it. The bottom line is - this works for me now. The Exim version will be even better. And I'm open to ideas about how to improve it. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
