On 2010/04/13 3:30 PM, Jean-Paul Natola wrote:
Ideally, correct me if I'm wrong, wouldn't I want SA to drop the connection after doing a lookup on the IP or are you saying I should do that on the gateway
SA doesn't have the ability to drop connections. It only scans what is handed to it. This is an MTA-level issue. You may be able to find out on the Exim list if Exim is able to drop connections sooner based on an RBL hit, but these logs really don't look out of place to me. I see these all the time from botnets to server farms, and sites like Constant Contact. Every log entry makes me just a little bit happier that I was able to prevent them from consuming all available threads and resources remain open for legitimate uses.
-- /Jason
smime.p7s
Description: S/MIME Cryptographic Signature
