Re: [Exim] RSET resets $rcpt_fail_count?

Góra strony
Delete this message
Reply to this message
Autor: Giuliano Gavazzi
Data:  
Dla: Michael Haardt, exim-users
Temat: Re: [Exim] RSET resets $rcpt_fail_count?
At 15:25 +0200 2003/06/26, Michael Haardt wrote:
> > Do you delay after a *certain* number of failures? Is this number
>> larger than 1? I hope not..
>>
>> I think that the best strategy is to check first for unknown users if
>> the sender is <> without delay, and delay otherwise.
>
>I delay after two unsuccessful tries for a fixed interval, which turned
>out to be a good compromise between legitimate systems and dictionary
>attacks. Relying on the sender does not help, because spammers usually
>fake it anyway. By now they even learned about RSET, so I am curious
>on their next step now.


the next step is: one new transaction for each recipient. The best
technique would indeed be storing the attempts in a database and
acting on that basis.

I do not see why accept two unknown recipients, even one if one too
many (except, as I said, in the case of <> sender), consider that you
are not going to accept the email for that particular recipient
anyway, so the fact that spammers can forge <> has not effect anyway.

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/