> >I just realized that RSET resets $rcpt_fail_count, thus making any
> >delays after a certain number of failed recipients useless. Is there any
> >objection against changing that or at least introducing a new variable
> >with the total number of failed recipients per session?
>
> do it with an acl variable, you set the variable in a warn condition:
Thanks a lot! I was not yet aware of acl variables, but it's exactly
what I need.
> Do you delay after a *certain* number of failures? Is this number
> larger than 1? I hope not..
>
> I think that the best strategy is to check first for unknown users if
> the sender is <> without delay, and delay otherwise.
I delay after two unsuccessful tries for a fixed interval, which turned
out to be a good compromise between legitimate systems and dictionary
attacks. Relying on the sender does not help, because spammers usually
fake it anyway. By now they have even learned about RSET, so I am curious
about their next step now.
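
An added example, not part of the original message: one way to keep a per-connection count of failed recipients in an ACL variable, so that RSET no longer clears it as it does $rcpt_fail_count. The ACL name `acl_check_rcpt` and the `+local_domains` list follow Exim's default configuration, and `acl_c0`, the 20s delay and the rejection text are assumptions; the threshold of two failures is the one mentioned above.

```exim
# Constructed fragment for the RCPT ACL (the one named by acl_smtp_rcpt).
# acl_c* variables live for the whole SMTP connection; unlike
# $rcpt_fail_count and the acl_m* variables they are not reset by RSET.

acl_check_rcpt:

  # After two failed recipients on this connection, stall every further
  # RCPT for a fixed interval. eval10 forces decimal and the leading 0
  # turns a still-unset acl_c0 into the number 0.
  warn
    condition  = ${if >{${eval10:0$acl_c0}}{1}}
    delay      = 20s

  # Count each recipient that fails verification. This statement only
  # records the failure; the rejection itself happens below.
  warn
    domains    = +local_domains
    !verify    = recipient
    set acl_c0 = ${eval10:0$acl_c0+1}

  # Reject the unknown recipient as usual.
  deny
    domains    = +local_domains
    !verify    = recipient
    message    = unknown user

  # ... remaining RCPT checks and the final accept follow here ...
```

Because the counter is checked before it is incremented, the first two failed recipients are rejected without delay and the stall applies from the third RCPT of the connection onwards, whether or not RSET was sent in between.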