Jean-Paul natola wrote: > >> Jean-Paul natola wrote: >>> Hi all, >>> >>> >>> >>> I'm wondering if there is a way to tell exim to drop an connection from a >>> host that is attempting more than one simultaneous smtpconnection >>> >> To drop, for example, the first, already in-process connection when a >> second or subsequent is attempted? >> >> As each is a separate child-process, and many such could be running on >> unrelated connections at any given moment, I doubt it would be in current >> code. > > > Maybe i'm wording it incorrectly, I'm getting alot spammers trying to what i > can only guess are dictionary attacks? and i see a bunch of "refused too > connections" so I do the iplookup and they are indeed spammers. > > > > So would it be a good idea to do the raw drop on them?
There's no significant gain and no need. Ex: conducive# grep -c 'too many connections' /var/log/exim/mainlog 25750 The *initial* connection is subject to an rDNS check, and - with most, not all, of the above refused connections, is *later* proven to be 'dirty', and denied. 'Later' because an rDNS check - even if cached - takes a small, but finite period of time, and the swarm of multiple connection attempts will have already arrived before the result is returned on the first one - let laone all of the rest. So limiting the connections from any one IP prevents swamping the server resources - in my case available PostgreSQL 'connections' more than rDNS lookups. Simple, effective, needs no further gold-plating. BTW: An Exim 'drop' doesn't gain YOU much over a simple 'deny'. Read up on the differences. HTH, Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
