Re: [Exim] RSET resets $rcpt_fail_count?

Top Page
Delete this message
Reply to this message
Author: Michael Haardt
Date:  
To: exim-users
Subject: Re: [Exim] RSET resets $rcpt_fail_count?
> >I just realized that RSET resets $rcpt_fail_count, thus making any
> >delays after a certain number of failed recipients useless. Is there any
> >objection against changing that or at least introducing a new variable
> >with the total number of failed recipients per session?


> do it with an acl variable, you set the variable in a warn condition:


Thanks a lot! I was not yet aware of acl variables, but it's exactly
what I need.

> Do you delay after a *certain* number of failures? Is this number
> larger than 1? I hope not..
>
> I think that the best strategy is to check first for unknown users if
> the sender is <> without delay, and delay otherwise.


I delay after two unsuccessful tries for a fixed interval, which turned
out to be a good compromise between legitimate systems and dictionary
attacks. Relying on the sender does not help, because spammers usually
fake it anyway. By now they even learned about RSET, so I am curious
on their next step now.

Michael