On Fri, 22 Sep 2000, Dave C. wrote:
> On another tack, (this is directed mostly at PH10), how hard would it
> be to add an option to exim that if a given host failed some sort of
> syntax or verification, a configurable number of times within a
> configurable timeframe, that connections from that host would be
> refused outright for a configurable following timeframe?

Exim already has sender_verify_max_retry_rate for sender rejections, but
this applies to *temporary* rejections. Something like a syntax error in
HELO is a permanent rejection.

I've noted your idea, but I'm not convinced it is worth doing for this
reason: currently the bad host connects, you send a welcome, it sends a
bad HELO, you send a rejection and it goes away. If your idea were
implemented, then every time this happened, Exim would have to consult a
file and update it, to record the statistics. (And it would have to
consult the file for all good connections, too.) Then, when it was
rejecting, what would happen is: bad host connects, Exim reads file,
finds it should reject, and rejects. Just a couple of TCP/IP packets
saved. On balance, especially because Exim would have to maintain a
file and read it for all connections, I think you might well end up with
more overhead processing cost than the current situation.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
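
The trade-off discussed in this message, as an added example that is not part of the original post and is not Exim code: a hypothetical per-host tracker that refuses a host after a configurable number of failures within a configurable window, with counters for how often its store is read and written. The class and function names, the thresholds, the sample events and the in-memory store (standing in for the file the reply mentions) are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class HostFailureTracker:
    """Hypothetical: refuse a host after max_failures within window seconds."""
    def __init__(self, max_failures, window, block_for):
        self.max_failures, self.window, self.block_for = max_failures, window, block_for
        self.failures = defaultdict(deque)  # host -> recent failure times
        self.blocked_until = {}             # host -> time the block expires
        self.lookups = 0                    # store reads: one per connection
        self.updates = 0                    # store writes: one per failure

    def allow(self, host, now):
        """Consulted for every connection, good or bad."""
        self.lookups += 1
        until = self.blocked_until.get(host)
        if until is not None and now < until:
            return False
        self.blocked_until.pop(host, None)  # no block, or it has expired
        return True

    def record_failure(self, host, now):
        """Called after a permanent rejection such as a bad HELO."""
        self.updates += 1
        recent = self.failures[host]
        recent.append(now)
        while recent[0] <= now - self.window:
            recent.popleft()                # drop failures outside the window
        if len(recent) >= self.max_failures:
            self.blocked_until[host] = now + self.block_for
            recent.clear()

def simulate(events, tracker):
    """events: (time, host, helo_ok). Returns one outcome per connection."""
    outcomes = []
    for now, host, helo_ok in events:
        if not tracker.allow(host, now):
            outcomes.append("refused")
        elif helo_ok:
            outcomes.append("accepted")
        else:
            tracker.record_failure(host, now)
            outcomes.append("rejected-helo")
    return outcomes

# Constructed sample: one misbehaving host among well-behaved ones.
SAMPLE = [(0, "192.0.2.10", False), (5, "198.51.100.7", True),
          (10, "192.0.2.10", False), (20, "192.0.2.10", False),
          (30, "192.0.2.10", False), (40, "203.0.113.3", True),
          (700, "192.0.2.10", False)]
```

With a threshold of 3 failures in 60 seconds and a 600-second block, the sample costs seven store reads and four writes to refuse a single connection early, which is the balance the reply weighs.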