Hi folks,
I've been toying with the idea of implementing per-host connection
rejection based on the frequency of delivery attempts for non-existent
recipients.
I'd like to keep a tally of X, the number of non-existent recipients for
which remote hosts have attempted delivery in the last Y minutes. Then
I'd like to reject connections from hosts whose X:Y ratio is above some
threshold.
I'd probably drive this from within the ACLs.
I think I'd probably implement this using a single DB file, keyed on
client host IP address. However, that might end up being a very large
file, in which case I'd hash into several files, perhaps using the first
two bytes of the IP address, e.g.
/var/db/exim/suspect-hosts:
  10.0.db
  Containing:
    10.0.0.15: 6
    10.0.0.45: 9
  10.1.db
  Containing:
    10.1.0.122: 3
    10.1.4.106: 1
Either way, this involves scheduled tasks that clean up the files, and
feels like a bit of a headache.
If anyone has already done something like this in a way they feel good
about, I'd be interested in hearing from them.
Ciao,
Sheldon.
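As an added illustration of the tally described in the post (not code from the poster or from Exim), the sketch below keeps per-host timestamps of unknown-recipient attempts, shards them by the first two octets as proposed, and prunes anything older than Y minutes on every access, so the clean-up job disappears. The class name, the in-memory stand-in for the DB files and the example threshold are assumptions; a real ACL hook would call `on_rcpt` with the result of recipient verification.

```python
from collections import defaultdict, deque
from ipaddress import IPv4Address
import time


class SuspectHosts:
    """Sliding-window tally of unknown-recipient attempts per client IP.

    X = attempts for non-existent recipients from one host in the last
    Y minutes; the host is rejected while X / Y exceeds `threshold`
    (attempts per minute). Old entries are pruned on every access, so
    no separate clean-up job is needed. IPv4 only, as in the post.
    """

    def __init__(self, window_minutes=10, threshold=0.5):
        self.window_minutes = window_minutes
        self.window = window_minutes * 60       # seconds
        self.threshold = threshold
        # shard name -> {ip -> timestamps}; stands in for the DB files
        self.shards = defaultdict(lambda: defaultdict(deque))

    @staticmethod
    def shard_for(ip):
        """File the tally would live in: first two octets, e.g. '10.0.db'."""
        octets = str(IPv4Address(ip)).split(".")
        return ".".join(octets[:2]) + ".db"

    def _attempts(self, ip, now):
        q = self.shards[self.shard_for(ip)][ip]
        cutoff = now - self.window
        while q and q[0] <= cutoff:             # drop attempts older than Y
            q.popleft()
        return q

    def rate(self, ip, now=None):
        """X / Y for this host, in attempts per minute."""
        now = time.time() if now is None else now
        return len(self._attempts(ip, now)) / self.window_minutes

    def should_reject(self, ip, now=None):
        return self.rate(ip, now) > self.threshold

    def on_rcpt(self, ip, recipient_exists, now=None):
        """RCPT-time hook: tally unknown recipients, then decide."""
        now = time.time() if now is None else now
        if not recipient_exists:
            self._attempts(ip, now).append(now)
        return "deny" if self.should_reject(ip, now) else "accept"
```

Later Exim releases ship a `ratelimit` ACL condition with a `per_rcpt` option that maintains this kind of per-key count in Exim's own hints database, which is worth checking before building a separate store.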