Ian Eiloart wrote:
> --On 27 March 2008 20:22:52 +0000 Graeme Fowler <[EMAIL PROTECTED]> wrote:
>
>> On Thu, 2008-03-27 at 12:27 -0700, Marc Perkel wrote:
>>
>>> I'm seeing something interesting. In the HELO acl if I issue a DENY I'm
>>> seeing servers doing a retry of the HELO. Is this normal?
>>
>> Yes, perfectly. It's termed a "woodpecker". There are multiple records
>> of badly written mail applications hammering away for days until the
>> message times out.
>>
>> Better to reject after RCPT or DATA for some applications, as they then
>> go away permanently.
>>
>> Graeme
>
> Apart from anything else, you should allow people to send email to
> postmaster, so that if they've got a bad HELO argument then at least they
> can get your advice on it.

Actually it was a situation where I was rejecting them at HELO for being blacklisted in one of my own blacklists. You might be wondering why I did it at HELO rather than connect, but I have a reason.

What I was doing was waiting for the HELO to see if there were any HELO sins to note. Then I would issue a DENY rather than a DROP. Then I would look to see if they closed the connection with a QUIT or let it time out. The combination of having connected on one of my fake high numbered MX records, with a HELO sin and no QUIT is a positive indicator that the sender is a virus infected spambot and I can then send a message into my blacklisting system that will start the 4 day clock again on that IP so it won't expire.

Of course, I never thought that anyone would retry a HELO. I am now not doing that. I'm now rejecting at the MAIL level or under high load levels doing a DROP at connect.

I'm just thinking. I should write a configuration guide for setting up Exim to deal with high load levels and put it on the Wiki.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
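
The three-signal heuristic described in the message above (decoy MX, HELO sin, no QUIT, then restart the 4 day clock), as an added example that is not part of the original post or of Exim. The decoy MX name, the host names, the specific HELO checks and the session records are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress

BLACKLIST_TTL = timedelta(days=4)       # the "4 day clock" from the post
DECOY_MX = {"mx90.example.org"}         # constructed fake high-numbered MX
OUR_NAMES = {"mail.example.org"}        # constructed: names only we may claim

@dataclass
class Session:
    ip: str
    mx_host: str      # MX name the client connected to
    helo: str         # argument given to HELO/EHLO
    sent_quit: bool   # False if the client let the connection time out
    ended: datetime

def helo_sins(s):
    """List HELO problems; which checks count as a 'sin' is an assumption."""
    sins = []
    name = s.helo.lower().rstrip(".")
    if name in OUR_NAMES:
        sins.append("claims-our-name")
    try:
        ipaddress.ip_address(name)      # bare IP, not an [address literal]
        sins.append("bare-ip")
    except ValueError:
        if "." not in name and not name.startswith("["):
            sins.append("unqualified")
    return sins

def is_spambot(s):
    """Only the combination of all three signals counts, as in the post."""
    return s.mx_host in DECOY_MX and bool(helo_sins(s)) and not s.sent_quit

def refresh_blacklist(blacklist, sessions):
    """Restart the expiry clock for each IP whose session matches."""
    for s in sessions:
        if is_spambot(s):
            expiry = s.ended + BLACKLIST_TTL
            blacklist[s.ip] = max(blacklist.get(s.ip, expiry), expiry)
    return blacklist

T0 = datetime(2008, 3, 27, 12, 0)
SAMPLE = [  # constructed session records
    Session("192.0.2.10", "mx90.example.org", "192.0.2.10", False, T0),
    Session("192.0.2.11", "mx90.example.org", "relay.example.net", False, T0),
    Session("192.0.2.12", "mx90.example.org", "localhost", True, T0),
    Session("192.0.2.13", "mx1.example.org", "mail.example.org", False, T0),
]
```

Only the first sample session carries all three signals; the others each miss one, so their IPs are left to expire normally.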