[Exim] Basic teergrubing with Exim 4.11

Author: Kevin P. Fleming
Date:  
To: Exim-users
Subject: [Exim] Basic teergrubing with Exim 4.11
OK, I'm not experiencing any of the problems reported so far against 4.11
(thankfully), so I've begun experimenting with the new ACL options. Most
specifically, the new "delay" feature.

What I've done is created two new ACLs:

acl_check_connect:
   # used for acl_smtp_connect
   accept dnslists = ....
          delay = 60s
   accept


acl_check_mail:
   # used for acl_smtp_mail
   accept dnslists = ...
          delay = 60s
   # unlisted hosts must be accepted explicitly; an ACL that runs off its end denies
   accept


(forgive any minor syntax errors, and obviously I've got exceptions to not check
local/trusted/etc. hosts against the DNS lists)

What this does (and it does appear to work) is cause Exim to delay 60 seconds
before sending the opening banner, and 60 seconds before responding to the MAIL
FROM: command for any calling host listed in one of the blacklists that I use.

I've also modified my acl_check_rcpt to add "delay = 120s" for sender
verification failures, misuse of the null sender (more than one RCPT TO: from
the null sender) and other checks. For blacklisted hosts, each RCPT TO: command
response is delayed a multiple of 60 seconds times the number of RCPT TO:
commands they have already supplied (using the new ${eval:...} function).

Finally, my acl_check_data adds 120s delays before responding to the DATA end
phase for the Hotmail/AOL/Yahoo forgery check failures (which we get quite a few
of).

Anyone have any more suggestions? This all seems pretty cool to me; a
blacklisted host that connects and tries to send mail to three recipients would
be connected (at least) 8 minutes, or give up first. Both of these are good
things, in my opinion. My server has ample RAM and other resources to handle
open but otherwise idle connections, so I'm glad to tar-pit these buggers.
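
The RCPT-stage delays described in the message, written out as an Exim 4 configuration fragment. This is an added example, not the poster's configuration. The list names, addresses, domain and DNS list zone are hypothetical placeholders, and the use of $rcpt_count for the recipient counter is an assumption about how the escalating delay was built.

```exim
# Main section: run this ACL for every RCPT TO: command
acl_smtp_rcpt = acl_check_rcpt

# Hypothetical lists, standing in for the poster's local/trusted exceptions
hostlist   trusted_hosts = 127.0.0.1 : 192.0.2.0/24
domainlist local_domains = example.org

begin acl

acl_check_rcpt:
  # Trusted hosts skip every tarpit check below
  accept  hosts     = +trusted_hosts

  # Blacklisted caller: "warn" never ends the ACL, so it only adds the delay.
  # $rcpt_count includes the current command, so RCPT 1, 2, 3 wait 60s, 120s,
  # 180s. With 60s at connect and 60s at MAIL FROM: that totals 480s, the
  # 8 minutes quoted in the post for three recipients.
  warn    dnslists  = dnsbl.example.invalid
          delay     = ${eval:$rcpt_count*60}s

  # Null sender with more than one recipient. The delay comes after the
  # conditions, so it runs only when both of them are true.
  deny    senders   = :
          condition = ${if >{$rcpt_count}{1}{yes}{no}}
          delay     = 120s
          message   = only one recipient accepted from <>

  # Sender verification failure, answered after 120s
  deny    !verify   = sender
          delay     = 120s
          message   = sender verification failed

  # Constructed ending so the fragment is a complete ACL
  accept  domains   = +local_domains
  deny    message   = relay not permitted
```

Every delayed session holds one Exim receiving process open, so the number of hosts that can be tarpitted at once is bounded by smtp_accept_max. Running the ACL under exim -bh with a listed address shows which statements match without actually waiting out the delays.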