Re: [Exim] Re: Interesting "attack" on my exim server...

Jeff Hahn wrote:
> Quoting Derrick 'dman' Hudson <dsh8290@???>:
>
>
>>If you want to prevent your exim log from filling up and prevent exim
>>from using system resources on this attack, just drop all their
>>packets at the IP level (eg using iptables or ipchains).
>>
>
>
> good point! However, I'm the curious sort and I'd log the iptables rejected
> packets, so it might just as well stay in exim. The rejects are logged with
> the application in question and another couple of megabytes isn't going to make
> much difference in 300+MB daily logs.
>
> Thanks for the info, everyone. It still seems like a rediculously "expensive"
> way to harvest email addresses. oh well, learn something new every day!
>
> Now if we could only get exim to put a 60 second delay before replying to "rcpt
> to:" then we'd really make it painful for them to harvest the addresses...

look for my script solution, and add a sleep to the perl-script ;) but i
don't know how long exim will wait for the script to run, i suppose it
enforces some kind of timeout. Btw, after thinking twice, it could be
possible to make the whole thing in the acl-part without a seperated
router, but this is something, that the more experienced should try ;)


ciao