Re: [Exim] Re: smtp_accept_max_rcpt_failures?!

Top Page
Delete this message
Reply to this message
Author: Ralf G. R. Bergs
Date:  
To: exim-users@exim.org
Subject: Re: [Exim] Re: smtp_accept_max_rcpt_failures?!
On Mon, 02 Jun 2003 09:26:45 +0100, Nigel Metheringham wrote:

>On Mon, 2003-06-02 at 08:43, Patrick Starrenburg wrote:
>> On Mon, 02 Jun 2003 06:50:59 GMT Ralf G. R. Bergs wrote:
>>
>> > Is there a way of saying "if the client connected gave more than <n>
>> > rejected RCPT commands, disconnect it"? I suspect there isn't since I
>> > couldn't find anything applicable.
>>
>> What we use got from someone else on the list (!) who only allowed two. We
>> do three. For good measure delays them also.
>>
>> acl_check_rcpt:
>>
>>   # We stall people who try 3 or more illegal recipients
>>   deny  message      = Max 3 failed recipients allowed
>>         condition    = ${if >{$rcpt_fail_count}{2} {1}}
>>         delay        = ${eval: ($rcpt_fail_count) * 30}s
>>         log_message  = $rcpt_fail_count failed recipient attempts

>
>This rejects further recipients.


Ah, well, I see.

>If you *really* want to drop the connection then use the drop verb, but
>be aware that this will have side effects - if a delivering MTA has an
>initial set of bad recipients for whatever reason and you are dropping
>the connection it may then retry the whole transaction (including the
>bad recipients) since from its point of view the whole last connection
>went bad.


I see your point. How "probable" is this scenario? Will I cause additional
traffic and load to my server, or will I spare it this additional load?

RFC-2821 says for 550 "The SMTP client is discouraged from repeating the exact
request (in the same sequence)." Doesn't that prevent the client from
repeating the whole transaction (provided that it follows RFC-2821, which
isn't very probably for spammers, I guess)?


--
   L I N U X       .~.
  The  Choice      /V\
   of a  GNU      /( )\
  Generation      ^^-^^