Re: [Exim] dictionary attack

Top Page
This message is part of the following thread:
M--\the complete thread tree sorted by date
M+\MGeorge Szekely at <-
MMMAlan J. Flavell at ->
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: George Szekely
CC: exim-users
Subject: Re: [Exim] dictionary attack
George Szekely wrote:
> I've tried the following condition which seems to work only on
> request coming in at the same time.
>
> ${if = {${eval:$rcpt_fail_count}}{1}{yes}{no}}
>
> But I get hit every 5 to 10 seconds from the same IP (even the IP
> changes regularly after a while) for a different user address. Is it
> possible to insert a delay, like 3 minutes to hosts that just tried
> to hit a nonexistent user (Unrouteable address) - in the router
> section? Or anyone has a suggestion on how to get rid of them?

How about this? 

deny message   = Recipient unknown
      !verify   = recipient
      delay     = ${eval: ($rcpt_fail_count + 1) * 1}m


Nico




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[Exim] dictionary attackRe: [Exim] Regarding vacation messages->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)