Autor: Dave C. Data: A: exim-users Assumpte: [Exim] Repeating 5xx codes..
A host connects to me by SMTP, and does
MAIL FROM: <something that fails verify>
RCPT TO: <either a valid or invalid recipient>
And gets a 5xx for the failing sender verify. It then proceeds to do
this again, on the SAME connection, with a new recipient, but with the
same sender. Repeat ad nauseum. exim4's rate-limiting doesnt seem to
slow this down, and I'm not sure if the max_rcpt settings will or not,
but while I'd like to allow a fairly high number of _accepted_ RCPTS,
I'd prefer not to allow a high number of failed ones.
Is there a way to control this that I am missing?
If there isn't, then perhaps a cut-off on the max number of 5xx errors
before no more commands of any type are accepted (with the possible
exception of DATA, if there had previously been at least one acceptable
RCPT TO), but anything else (including a new MAIL FROM after the
completion of a DATA command), would get a 5xx...
Perhaps another cut off, which would could be set higher, the maximum
number of 5xx codes in a row before just dropping the connection..
Seperately from the above, I am thinking of setting up some sort of
script, which would watch the rejectlog, and keep track of the IP
addresses I am issuing rejections to, and if a particular host gets more
than a certain threshold of rejections within a period of time (or more
likely, within a certain number of log lines), then temporarily add that
host's IP to a file to be used by host_reject_connection. (it would have
an expire time or something that the script would watch for and remove
the entry appropriately)