Some moron tried to send mail to or through my server using HELO
strings with faked IP addresses in them. They tried several thousand
times actually, from about a half-dozen different (real) origin
addresses, over the course of several days. Thanks to exim's
HELO-syntax check, every one was quashed in the bud. But this
technically could have become a DoS very quickly.
I have put in reports to the appropriate ISP's, along with requests
that they provide me with identification and contact information of the
responsible idiot. I really want to call this schmuck and ask him if he
can come up with any pittance of a reason I shouldn't sue him into the
ground or file criminal trespass charges. I'm not very hopeful that
they will do so, 'user privacy' and all.
While I can understand their position (I work for an ISP too), I'm
curious why spammers deserve to have their identity protected? Couldn't
ISP's include language in their TOS/AUP which said that users agreed
that if they were caught in the act of gross network abuse, that their
ID and contact info would be shared with their victims? Wouldnt this
help cut way down on spam?
I'm all in favor of the right to anonymity and privacy on the Internet
- but I am not in favor of the right to anonymously abuse servers and
networks.
On another tack, (this is directed mostly at PH10), how hard would it
be to add an option to exim that if a given host failed some sort of
syntax or verification, a configurable number of times within a
configurable timeframe, that connections from that host would be
refused outright for a configurable following timeframe? (Yes, I used
'configurable' way too many times in that sentence)
(Eg, to take this case as an example, if you fail a HELO syntax check,
say, 5 times, within a 5 minute period, I refuse connections from you
for an hour)