> I'm considering the idea of having a mechanism for enforcing a maximum
> number of connections from a specific IP, however this feels like a
> significant change to exim (keeping per connection state in the central
> daemon, mopping up when children die etc).

I have the luxury of not getting much traffic, so I can do things like start
exim from inetd (removing the need for watcher processes to check that the
listener daemon hasn't died).

I use lock files and the like to restrict the number of callers (e.g. 5
external callers and 20 internal at any time), which could trivially be
extended to include the calling IP address / DNS name in the lock file.

However, I suspect that your throughput is several orders of magnitude larger,
so you cannot use similar approaches :-(
--
*** Exim information can be found at
http://www.exim.org/ ***
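
The lock-file scheme described in the message, sketched as an inetd wrapper. This is an added example, not code from the poster or from Exim. The lock directory, the exim path, the internal network range and the per-IP cap are assumptions; only the 5 external / 20 internal limits come from the message. Because `flock` locks belong to the open file and are dropped by the kernel when the process exits, no separate mop-up is needed when a child dies.

```python
import fcntl
import ipaddress
import os
import socket
import sys

LIMITS = {"external": 5, "internal": 20}             # figures from the message
PER_IP_LIMIT = 2                                     # assumed per-address cap
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed example range

def acquire_slot(lock_dir, name, limit):
    """Lock one of `limit` files for `name`; return its fd, or None if all are held."""
    for slot in range(limit):
        path = os.path.join(lock_dir, f"{name}.{slot}")
        fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
        try:
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:      # slot is held by another live connection
            os.close(fd)
            continue
        os.set_inheritable(fd, True)  # keep the lock across exec of the MTA
        return fd
    return None

def admit(lock_dir, peer_ip):
    """Return the held lock fds if the caller is within both limits, else None."""
    addr = ipaddress.ip_address(peer_ip)
    caller_class = "internal" if addr in INTERNAL_NET else "external"
    class_fd = acquire_slot(lock_dir, caller_class, LIMITS[caller_class])
    if class_fd is None:
        return None
    ip_name = "ip-" + addr.compressed.replace(":", "_")
    ip_fd = acquire_slot(lock_dir, ip_name, PER_IP_LIMIT)
    if ip_fd is None:
        os.close(class_fd)           # give the class slot back on refusal
        return None
    return [class_fd, ip_fd]

def main():
    # Under inetd the client socket is fd 0; read the peer address from it.
    peer = socket.socket(fileno=os.dup(0)).getpeername()[0]
    if admit("/var/lock/smtp-callers", peer) is None:   # assumed directory
        sys.stdout.write("421 Too many connections, try again later\r\n")
        return 0
    os.execv("/usr/sbin/exim", ["exim", "-bs"])          # assumed install path

if __name__ == "__main__":
    sys.exit(main())
```

The lock directory must exist and be writable only by the user the wrapper runs as, otherwise a local user could hold the slots and block inbound mail.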