[email protected] wrote: > Debugged set of rules (in DATA ACL): > > deny message = rejected because recognized as Ukrainian spam > condition = ${if match{$message_headers_raw}\ > {\N\A([^\n]+\n[ \t])+[^\n]+\nDate\N}} > condition = ${if eq{$received_protocol}{esmtp}} > condition = ${if eq{$bheader_X-Priority:}{3 (Normal)}} > condition = ${if match{$sender_address_local_part}{\N^[a-z]{10,}$\N}} > condition = ${if match{$bheader_To:}{\N^[^ @,;]...@[\w\.-]+$\n}} > set acl_m_domain = ${if match{$bheader_To:}{\N@(.+)$\N}{$1}} > condition = ${if match{$bheader_Message-ID:}\ > > {\N^<\d{10}\.\d{...@\n$sender_address_domain>\$}} > condition = ${if match{$bheader_In-Reply-To:}\ > {\N^<[a-f\d]{...@\n$acl_m_domain>\$}} > condition = ${if match{$bheader_References:}\ > {\N^<[a-f\d]{...@\n$acl_m_domain> \ > \N<[A-F\d]{30,4...@\n$sender_address_domain>\$}} > condition = ${if !eq{${if match{$rheader_In-Reply-To:}{<(.+)@}{$1}}}\ > {${if > match{$bheader_References:}{\N^<(\w+)@\N}{$1}}}} > > The botnet endures 20s delay in RCPT ACL. I don't want to try longer delays > because of limited memory of the cheap VPS/VDS ($6/month for > 64M RAM and 128M swap for Exim, webserver, POP3 server and BIND). >
On austere hardware you may want to run some comparison tests along the lines of seeing which actually hits the resources hardest: - the above, intensively complex set of conditionals. - progressive, cumulative, delays with the simplest test you can get by with. IOW - if they hang onto the teat for 20 seconds, what happens at 30? 40? 60 - even 120? Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
