[Exim] (no subject)

Author: Dave C.
Date:  
To: exim-users
Subject: [Exim] (no subject)
Is anyone else getting TONS of connections from seemingly random IP
addresses, all giving a HELO (something random).optprofessionals.com,
trying to send to tons of addresses? As it happens, the MAIL FROM they
are using is invalid, so we reject the messages, but there are like a
hundred or more simultaneous connections coming in at once, each one
wading its way through thousands of recipients - and they don't give
up either - I kill all of the processes off, and they come back
knocking on my SMTP port in less than an hour...

Anyone else seeing these?

I have smtp ratelimiting on, and they don't seem to give up, so the
connections just sit there forever.

I just wrote a script to run from cron to do exiwhat and grep for these
and kill them, since I found no other way to do it from exim.

acl_smtp_helo would be nice - Yes, the RFCs say you shouldn't reject on
a HELO, but when you KNOW it's a spammer, I think it's justified.

It would also be nice to have a 'drop' action, where if the condition
were true, exim would give a "5xx service terminated"

It would also be REALLY nice to be able to do like below, even in the
RCPT acl. The 'drop' would drop the connection.


delay    condition=${if match{$sender_helo_name}{optprofessionals.com}{yes}{no}}
    delay_time=5s


drop    condition=${if match{$sender_helo_name}{optprofessionals.com}{yes}{no}}
    message="599 Go away"


The delay_time could be implemented with the same progressively
increasing delay time and replace the separate ratelimiting stuff.

And I'm not sure if this has been implemented or not, and no easy way to
check since I'm posting this from a remote terminal over a slow link, but
it would also be nice to be able to count the number of non-accepted
RCPT TO's, and shut down the connection if it's above a threshold.
Actually, as long as the total count of RCPT TO's, and the count of
accepted ones, was available from an ACL, then the 'drop' above could be
used to do that.
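
The checks asked for in this message, written with features that current Exim 4 releases provide (the acl_smtp_helo option, the drop verb, the delay modifier and the $rcpt_fail_count variable). This is an added example and not part of the original post; the ACL names, the 5-second delay and the threshold of 5 rejected recipients are assumptions chosen for illustration.

```exim
# Main configuration section: name the ACLs to run (ACL names are illustrative).
acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_helo:
  # Stall for 5s, then refuse and close the connection, when the HELO/EHLO
  # name is under the domain named in the post. \N...\N protects the regex
  # from string expansion; (?i) makes the match case-insensitive.
  drop  condition = ${if match{$sender_helo_name}{\N(?i)\.optprofessionals\.com$\N}}
        delay     = 5s
        message   = Go away
  accept

acl_check_rcpt:
  # $rcpt_fail_count is the number of RCPT commands already permanently
  # rejected for the current message; $rcpt_count is the total received.
  # The threshold of 5 is an assumed value.
  drop  condition = ${if >{$rcpt_fail_count}{5}}
        message   = Too many rejected recipients
  # The site's existing RCPT checks continue below this statement.
```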