Autor: Jeff Hahn Data: Para: exim-users Assunto: Re: [Exim] Re: Interesting "attack" on my exim server...
Quoting Derrick 'dman' Hudson <dsh8290@???>:
>
> If you want to prevent your exim log from filling up and prevent exim
> from using system resources on this attack, just drop all their
> packets at the IP level (eg using iptables or ipchains).
>
good point! However, I'm the curious sort and I'd log the iptables rejected
packets, so it might just as well stay in exim. The rejects are logged with
the application in question and another couple of megabytes isn't going to make
much difference in 300+MB daily logs.
Thanks for the info, everyone. It still seems like a rediculously "expensive"
way to harvest email addresses. oh well, learn something new every day!
Now if we could only get exim to put a 60 second delay before replying to "rcpt
to:" then we'd really make it painful for them to harvest the addresses...