Re: [Exim] unexpected disconnection

On Sat, 31 May 2003, Wakko Warner wrote:

> Personally, I check RBL on connect and drop them if they're RBLed.

There's two problems I can see with that:

1. they (nor their users) cannot even address the postmaster to
discuss the problem. It's not completely unknown for bona fide sites
(or bona fide users of poorly-managed service providers) to land up in
blacklists for some reason. In theory, your postmaster address should
always be reachable. In practice, I'd suggest it ought indeed to kept
accessible except for the worst cases of proven abuse.

2. We know from experience that some proportion of abusers react to
a connect-time drop as if it was a retryable error, so they just keep
coming back and hassling with retries; some of them don't even
back-off, so they'll keep trying every few minutes (sometimes every
few seconds!) for days on end, if you try to get rid of them that way.

Taking both those observations together, my inclination would be to
prefer one or other of the following strategies, selected according to
the nature of the abuse:

a) go along with them until RCPT time and then, if they're not
addressing the postmaster address, give them 5xx for being
blacklisted. This is the surest way to get rid of them, _and_ it
still lets bona fide victims get in touch with the postmaster.

b) if the abuse is serious enough that you wanted to refuse any call
from them, then consider blocking them in the firewall (ipchains,
iptables, whatever you use). That way, the persistent retry-ers won't
clutter up the exim log with junk entries. And if you want to waste
their time, you can do that (i.e by not acknowledging their TCP
requests and leaving them to time-out) without tying up any instances
of exim.

YMMV of course. These are just my thoughts.