At 21:05 +0000 2002/12/18, Alan J. Flavell wrote:
[...]
>Already in 4.10 I see that we have $rcpt_count and $recipients_count
>available in ACLs, and I kind-of reasoned that if $rcpt_count had
>reached, say, 4, and no (or perhaps at most 1) valid recipient address
>had been achieved, then this was probably another dictionary scan
>episode. Seem reasonable?
Too reasonable. 1 out of 3 is already too little. More generally,
more than 1 wrong recipient is clearly spam or other sort of
unhealthy activity.
At 15:50 -0700 2002/12/18, Kevin P. Fleming wrote:
>Alan J. Flavell wrote:
>
>>wait, so that they drop the call. If there was an ACL command to exim
>>to tell it to unceremoniously drop the call, then I think that would
>>be just as effective (especially if taken in conjunction with a
>>blacklist that refuses further SMTP calls from that IP).
>
>4.12 also has a drop modifier, that causes the TCP connection to be dropped
>"unceremoniously" :-) So you can do this today, without tying up resources on
>your server with idle connections waiting for the caller to disconnect.
>
the drop command is present in 4.11 (if you don't want to upgrade):
142. Added extra features to ACLs: the "drop" and "defer" verbs, and the
"delay" and "control" modifiers (the latter with "freeze" and
"queue_only").
Giuliano
--
H U M P H
|| |||
software
Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/