Re: [Exim] Host-based "too many invalid recipients" rejectio…

Top Page
Delete this message
Reply to this message
Author: Ollie Cook
Date:  
To: Sheldon Hearn
CC: exim-users
Subject: Re: [Exim] Host-based "too many invalid recipients" rejection
On Wed, Jun 18, 2003 at 05:52:32AM +0200, Sheldon Hearn wrote:
> I've been toying with the idea of implementing per-host connection
> rejection based on the frequency of delivery attempts for non-existent
> recipients.
>
> I'd like to keep a tally of X, the number of non-existent recipients for
> which remote hosts have attempted delivery in the last Y minutes. Then
> I'd like to reject connections from hosts whose X:Y ratio is above some
> threshold.


Hi Sheldon,

I've recently started work on something to achieve this exact case, but I'm
planning on making it quite extensible.

The plan is to have a long-living process which tails the log file looking for
various patterns. These configurable patterns will have one backreference (e.g.
ip or whatever) which is then used as the key in a table. The value of the item
is the number of times over the last interval that it has appeared in the log.

A rolling-average, whose interval is also configurable, is also kept (default
granularity is 1 minute, presently). If the rolling average for a key is over a
given threshold, the key is written out to a DBM database.

In your case, the DBM could then be used in Exim ACLs to determine whether to
give a temporary/permanent error to RCPT commands based on that hosts previous
behaviour.

Once it's ready, as long as work agree, I will release it.

Cheers,

Ollie
--
Oliver Cook    Systems Administrator, Claranet UK
ollie@???                  020 7903 3065