[EXIM] Dealing with pathological sender

Author: Mark Spruiell
Date:  
To: exim-users
Subject: [EXIM] Dealing with pathological sender
Hi all,

I'm new to the list, and relatively new to Exim (v2.05). In the last
couple of weeks, I have seen three different hosts exhibit the following
behavior:

* Exim rejects an SMTP connection because reverse DNS fails
* Sender immediately retries; depending on network distance, this
  could be every few seconds, or several times per second
* Exim logs fill up with reject messages

Suppressing the reject messages would help, but doesn't address the
real problem, which is that these hosts are either brain-dead or
attempting a denial-of-service attack. Stopping Exim seems to cause
the sender to pause for a while, but the behavior inevitably begins
again.

Obviously, there are ways to prevent these connections at the
router level, and I have raised issues with the upstream ISPs of the
offending hosts.

Has anyone seen this behavior before? Do you know if there's a particular
mailer that is responsible? Is there a simple way to avoid the problem
while still rejecting the mail?

I might also be interested in accepting connections from these hosts,
simply to capture whatever they are trying to send for examination.
However, I'm not completely sure what the right Exim incantation is to
accept a connection from an IP address (for which reverse DNS fails)
and direct all messages to a file. Can anyone help me out there?

Apologies for the long-winded message...

- Mark



--
*** Exim information can be found at http://www.exim.org/ ***
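
Added example (not part of the original message, and not Exim's own tooling): one way to quantify the retry behaviour described above is to group rejects per peer address and flag hosts that exceed a threshold inside a sliding time window, which yields a short candidate list for router-level filtering. The log line layout, function names and thresholds are assumptions; the sample lines are constructed and do not reproduce Exim's real reject log format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in an ASSUMED layout: "<date> <time> <text> [<peer ip>]".
# One host retries every 2 seconds, another retries after 30 minutes.
SAMPLE_LOG = "\n".join(
    [f"2000-01-01 10:00:{s:02d} rejected: reverse DNS failed [192.0.2.10]"
     for s in range(0, 16, 2)]
    + ["2000-01-01 10:05:00 rejected: reverse DNS failed [198.51.100.7]",
       "2000-01-01 10:35:00 rejected: reverse DNS failed [198.51.100.7]",
       "unparseable line"]
)

# Adjust this pattern to match the real reject log before using it.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse(log_text):
    """Return {ip: sorted reject timestamps}; lines that do not match are skipped."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            hits[m.group(2)].append(stamp)
    return {ip: sorted(ts) for ip, ts in hits.items()}

def hammering_hosts(log_text, window_s=60, max_rejects=5):
    """Return {ip: peak count} for hosts with more than max_rejects
    rejects inside any window of window_s seconds."""
    flagged = {}
    for ip, ts in parse(log_text).items():
        start = peak = 0
        for end in range(len(ts)):
            # Shrink the window from the left until it spans <= window_s.
            while (ts[end] - ts[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_rejects:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, peak in sorted(hammering_hosts(SAMPLE_LOG).items()):
        print(f"{ip}: {peak} rejects within 60s")
```

A host that retries on a normal queue schedule (minutes to hours apart) stays below the threshold, so only the rapid-retry senders are listed.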