Hello Konstantin,

Please look at https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html and look at the description after "delay = <time>"

Jan

(Sorry for top posting, editing sucks on cell)

> On 9 Sep 2019, at 16:37, Konstantin Boyandin via Exim-users <exim-users@exim.org> wrote:
>
> Hello Jan,
>
> "delay" means tarpitting, in this context?
>
> I wonder how efficient that is.
>
> Sincerely,
> Konstantin
>
>> On 09.09.2019 21:16, Jan Ingvoldstad via Exim-users wrote:
>> I've had another variant for years:
>>
>> acl_check_mail:
>>   deny
>>     message = no HELO given before MAIL command
>>     condition = ${if def:sender_helo_name {no}{yes}}
>>     delay = 60s
>>
>> The delay is a nice touch, if you have the TCP connections to spare.
>>
>> Jan
>>
>> On Mon, Sep 9, 2019 at 4:10 PM Phillip Carroll via Exim-users <exim-users@exim.org> wrote:
>>
>>> my configuration has had something similar for years. Is there any
>>> significant difference?
>>>
>>> acl_check_mail:
>>>   # deny any mail without helo name
>>>   deny message = HELO required before MAIL
>>>        condition = ${if eq{$sender_helo_name}{} {1}}
>>>
>>> (Yours obviously simpler to read)
>>>
>>>> On 9/6/2019 6:16 PM, Phil Pennock via Exim-users wrote:
>>>>> On 2019-09-06 at 22:04 +0200, Heiko Schlittermann via Exim-users wrote:
>>>>> The HELO ACL doesn't help either, as the first EHLO comes before
>>>>> STARTTLS, and the second EHLO doesn't have to come, the client may send
>>>>
>>>> Oh pox. My memory is going. I hadn't realized that my protection
>>>> against this comes from long-standing local configuration, not Exim
>>>> defaulting to enforcing this:
>>>>
>>>> acl_check_mail:
>>>>   deny message   = 503 Bad sequence of commands - must send HELO/EHLO first
>>>>        condition = ${if !def:sender_helo_name}
>>>>
>>>> If anyone wants to protect against stupidity: I've been using that guard
>>>> for "longer than the five years that the current mail-server is running"
>>>> and I'm not going diving through git history to find when it was
>>>> introduced to my older server.
>>>>
>>>> To the best of my knowledge, that has never blocked legitimate mail.
>>>> Everyone does EHLO after STARTTLS.
>>>>
>>>> Exim drops pre-TLS sender_helo_name after negotiating TLS. This is
>>>> required by RFC 3207 (section 4.2) but not explicitly mentioned in the
>>>> Exim Spec, AFAICT.
>>>>
>>>> -Phil
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
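
The session behaviour discussed in this thread, as an added example (not part of any post and not Exim code): a toy Python model of one SMTP connection in which the EHLO name is discarded at STARTTLS and a MAIL-time check like the quoted acl_check_mail guards rejects MAIL when no HELO/EHLO name is set. The class, its fields, the reply texts other than the 503 line, and the sample sessions are constructed for illustration; the delay is recorded rather than slept.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    """Toy model of one SMTP connection (hypothetical, not Exim internals)."""
    require_helo: bool = True          # models the acl_check_mail guard
    deny_delay: int = 60               # models "delay = 60s" on the deny
    sender_helo_name: Optional[str] = None
    tls: bool = False
    stalled: int = 0                   # seconds a denied client would wait

    def command(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            if not arg:
                return "501 HELO/EHLO requires an argument"
            self.sender_helo_name = arg
            return "250 OK"
        if verb == "STARTTLS":
            # RFC 3207 section 4.2: the server discards what it learned
            # from the client before TLS, including the EHLO argument.
            self.tls = True
            self.sender_helo_name = None
            return "220 TLS go ahead"
        if verb == "MAIL":
            if self.require_helo and self.sender_helo_name is None:
                self.stalled += self.deny_delay
                return ("503 Bad sequence of commands - "
                        "must send HELO/EHLO first")
            return "250 OK"
        return "500 unrecognized command"


def run(lines, **settings):
    """Feed constructed command lines to a fresh session."""
    session = Session(**settings)
    return [session.command(line) for line in lines], session


# Constructed sample sessions (not captured traffic).
NO_HELO = ["MAIL FROM:<a@example.org>"]
NO_EHLO_AFTER_TLS = ["EHLO client.example", "STARTTLS",
                     "MAIL FROM:<a@example.org>"]
WELL_BEHAVED = ["EHLO client.example", "STARTTLS",
                "EHLO client.example", "MAIL FROM:<a@example.org>"]

if __name__ == "__main__":
    for name in ("NO_HELO", "NO_EHLO_AFTER_TLS", "WELL_BEHAVED"):
        print(name, run(globals()[name])[0])
```

Running `run(NO_EHLO_AFTER_TLS, require_helo=False)` models a configuration without the guard, where the same MAIL command is accepted.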