[Exim] Host-based "too many invalid recipients" rejection

Top Page
Delete this message
Reply to this message
Author: Sheldon Hearn
Date:  
To: exim-users
Subject: [Exim] Host-based "too many invalid recipients" rejection
Hi folks,

I've been toying with the idea of implementing per-host connection
rejection based on the frequency of delivery attempts for non-existent
recipients.

I'd like to keep a tally of X, the number of non-existent recipients for
which remote hosts have attempted delivery in the last Y minutes. Then
I'd like to reject connections from hosts whose X:Y ratio is above some
threshold.

I'd probably drive this from within the ACLs.

I think I'd probably implement this using a single DB file, keyed on
client host IP address. However, that might end up being a very large
file, in which case I'd hash into several files, perhaps using the first
two bytes of the IP address, e.g.

    /var/db/exim/suspect-hosts:
        10.0.db
            Containing:
                10.0.0.15:    6
                10.0.0.45:    9
        10.1.db
            Containing:
                10.1.0.122:    3
                10.1.4.106:    1


Either way, this involves scheduled tasks that clean up the files, and
feels like a bit of a head-ache.

If anyone has already done something like this in a way they feel good
about, I'd be interested in from them.

Ciao,
Sheldon.