At 13:20 +0300 2003/04/30, ODHIAMBO G. Washington wrote:
>After a few days leave, everything has evaporated, so I seriously need
>some help. I have looked at the archives examples and used the following
>acl to try and keep away dictionary scans but it doesn't seem to work:
>
>drop message = *** Dict scan!. Too many bad recipients, $rcpt_fail_count out of $rcpt_count
> condition = ${if > {${eval:$rcpt_fail_count}}{2}{yes}{no}}
> delay = ${eval: ($rcpt_fail_count + 1) * 1}m
> log_message = Dictionary attack
>
>
>I've placed this right after the callout acl.
>
>All help welcome.
Why calculate the delay when you drop? delay 4m would be equivalent.
I am also not sure how delay interacts with drop.
Also rcpt_fail_count can be off by 1, since the current recipient has
not yet been rejected, so you are only dropping at the (good or bad)
recipient following 3 bad ones.
Personally I start delaying (and denying, not dropping) after one bad
recipient, and this because I feel very tolerant...
Giuliano
--
H U M P H
|| |||
software
Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
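
An added example, not taken from this thread or from either poster's configuration: a RCPT ACL fragment that shows the two points made in the reply, counting the current recipient so the drop is not one RCPT late, and denying with a growing delay after the first bad recipient. The `+local_domains` list name, the 15-second step, the thresholds and the placement before the statement that accepts local recipients are assumptions.

```exim
# Fragment of the ACL named by acl_smtp_rcpt. Place these statements
# before the statement that accepts recipients in local domains.
acl_check_rcpt:

  # Drop on the third bad recipient itself.
  # $rcpt_fail_count only counts RCPT commands already rejected, so the
  # current recipient is verified here as well: two earlier failures plus
  # a failing current address make three bad recipients.
  # The cheap counter test comes first; verification runs only when
  # the counter test is true.
  drop    condition   = ${if >={$rcpt_fail_count}{2}}
          domains     = +local_domains
          !verify     = recipient
          message     = Too many bad recipients \
                        ($rcpt_fail_count rejected out of $rcpt_count)
          log_message = Dictionary attack

  # Stricter policy: once one recipient has been rejected, delay and deny
  # every later RCPT in the same message, whether it is good or bad.
  # The delay modifier follows the condition, so it is applied only when
  # the condition is true. It grows by 15s (illustrative step) for each
  # recipient already rejected.
  deny    condition   = ${if >{$rcpt_fail_count}{0}}
          delay       = ${eval:$rcpt_fail_count*15}s
          message     = Earlier recipient rejected, try again \
                        in a new message
          log_message = Dictionary attack ($rcpt_fail_count bad so far)

  # ... existing statements (callout, accept for local domains, relay
  # checks) continue here ...
```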