Re: [Exim] Re: smtp_accept_max_rcpt_failures?!

Author: Alan J. Flavell
Date:  
To: Ralf G. R. Bergs
CC: exim-users@exim.org
Subject: Re: [Exim] Re: smtp_accept_max_rcpt_failures?!
On Mon, 2 Jun 2003, Ralf G. R. Bergs wrote:

> >        log_message  = $rcpt_fail_count failed recipient attempts

>
> Just some kinda nitpicking -- shouldn't the error message read "Max 2 failed
> recipients allowed"? :-)


Note that the test will differ by one depending on whether you make it
at the RCPT or at the end of DATA ACL. I'm doing it at RCPT time, but
I started from a recipe that had been intended for the DATA ACL, which
was why I initially got confused about the exact value to test
against.

And yes, when we tried dropping the call, some senders _did_ retry
over and over. Dropping the call is still our initial response in
this situation, but I'm now having the ACL write IPs which appear to
be trying dictionary-scan attacks into a separate blacklist file, and
when a call comes from such an IP (whether a retry, or whether a fresh
list of addressees) I take them, slowly, through their entire RCPT
addressee list, calmly denying each address with a "your host IP has
automatically blacklisted itself here" response.

(Most of those IPs rapidly show up in public open-proxy blacklists, by
the way, as I said before when this issue came up.)
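
The policy described in this message, sketched as an Exim 4 RCPT ACL fragment. This is an added example, not the poster's configuration: the blacklist file path, the 20s delay and the exact threshold test are assumptions, and the step that writes offending IPs into the file is left out because the post does not say how it is done.

```exim
# Added illustration, not the poster's configuration.
# Fragment of the ACL named by acl_smtp_rcpt.
acl_check_rcpt:

  # Hosts already recorded as dictionary scanners: refuse every RCPT, slowly.
  # PLACEHOLDER path (assumption); one IP address per line. How the file is
  # populated is outside this fragment.
  deny    hosts       = /path/to/dictscan_blacklist
          delay       = 20s
          message     = your host IP has automatically blacklisted itself here

  # At RCPT time $rcpt_fail_count holds the RCPT commands of this message
  # that were rejected before the current one, so the current recipient is
  # not counted yet. In a DATA ACL every RCPT has already been processed.
  drop    condition   = ${if >{$rcpt_fail_count}{2}{yes}{no}}
          log_message = $rcpt_fail_count failed recipient attempts
          message     = Max 2 failed recipients allowed

  # ... the site's normal recipient checks follow here ...
```

Because `delay` comes after the `hosts` condition, it is applied only to connections from listed hosts.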