-----Original Message----- From: Jason Bertoch [mailto:ja...@i6ix.com] Sent: Tuesday, April 13, 2010 2:53 PM To: users@spamassassin.apache.org Subject: Re: accepted connection from DNSBL's
On 2010/04/13 2:38 PM, Jean-Paul Natola wrote: > Well just to confirm I have taken the IP addresses and entered them here > http://www.dnsbl.info/dnsbl-database-check.php > > and almost ALL of them are listed in at least 5 of the lists, > > this one was on 9 of the lists see below > > var/log/exim/mainlog:2010-04-13 14:24:17 Connection from [110.139.156.19] > refused: too many connections > /var/log/exim/mainlog:2010-04-13 14:24:17 Connection from [110.139.156.19] > refused: too many connections > /var/log/exim/mainlog:2010-04-13 14:24:18 Connection from [110.139.156.19] > refused: too many connections > /var/log/exim/mainlog:2010-04-13 14:24:18 Connection from [110.139.156.19] > refused: too many connections > /var/log/exim/mainlog:2010-04-13 14:24:19 Connection from [110.139.156.19] > refused: too many connections > /var/log/exim/mainlog:2010-04-13 14:24:19 Connection from [110.139.156.19] > refused: too many connections > /var/log/exim/mainlog:2010-04-13 14:24:20 Connection from [110.139.156.19] > refused: too many connections > > My setup is as follows > Freebsd > Exim > Clamav > SA > This is an MTA connection limit, which is not a bad thing. Sane limits should always be placed on servers. I suspect that in Exim the RBL's are checked after local connection limits. This is likely nothing to worry about. You may want to verify that this is a PER HOST connection limit and not server-wide, though. The Exim list may be more helpful in that regard. -- /Jason Ideally, correct me if I'm wrong, wouldn't I want SA to drop the connection after doing a lookup on the IP or are you saying I should do that on the gateway
