RE: [Exim] FW: Pounded after drop in helo acl

Author: Kevin Reed
Date:  
To: 'Thomas Tonino'
CC: exim-users
Subject: RE: [Exim] FW: Pounded after drop in helo acl
> -----Original Message-----
> From: Thomas Tonino [mailto:ttonino@users.sf.net]
> Sent: Tuesday, July 29, 2003 11:32 PM
>
> Kevin Reed wrote:
> > [Used the wrong email address, try it again]
> >
> > Noticed that I was getting pounded by an IP after a drop in one of my
> > HELO ACL checks.

[snip]
> >
> > The ACL is...
> >
> >         # Don't HELO with my IP!!!
> >         drop    message = You may not use an HELO of this system's IP address
> >                 log_message = HELO of system's hostname
> >                 condition = ${if eq{$sender_helo_name}{209.114.190.200}{yes}{no}}

> >
> > Other than blocking that IP, is there another way to deal with this?
> > I've seen this now several times on different IP's.
> >
>
> I think it is better to reject/drop at the RCPT stage - check the HELO
> in the RCPT ACL.
>
> Also, use a 'delay =' modifier. In combination with a limited number of
> connections per IP this will limit the 'hammering'.


I moved the same as my IP and same as my hostname HELO ACLs to the RCPT
ACL section and then added a 30s delay and made it a deny although I think
drop and deny both do the same thing... The same host came calling a while
later but didn't seem to want to play anymore. It tried a couple times and
gave up.

BTW... I counted wrong... I said it was about 1000... It was more than
10,000. :-)

Thanks for the Tip!
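
The change described in this message, written out as an Exim 4 configuration fragment. This is an added example, not the poster's actual configuration: the ACL name acl_check_rcpt, the per-host connection limit of 5, the wording of the second message and the hostname test against $primary_hostname are assumptions; the IP address, the deny verb and the 30s delay come from the thread.

```exim
# Main configuration section.
# Cap simultaneous SMTP connections from any one host (value assumed),
# so a client held in a delay cannot open many parallel sessions.
smtp_accept_max_per_host = 5

# Run the checks at RCPT time instead of at HELO time.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # HELO equal to this system's IP address (IP taken from the thread).
  # The delay modifier sits after the condition, so it is only reached,
  # and only stalls the client, when the condition has matched.
  deny    message     = You may not use an HELO of this system's IP address
          log_message = HELO of system's IP address
          condition   = ${if eq{$sender_helo_name}{209.114.190.200}{yes}{no}}
          delay       = 30s

  # HELO equal to this system's hostname, compared in lower case.
  deny    message     = You may not use an HELO of this system's hostname
          log_message = HELO of system's hostname
          condition   = ${if eq{${lc:$sender_helo_name}}{${lc:$primary_hostname}}{yes}{no}}
          delay       = 30s

  # ... the rest of the existing RCPT ACL follows here ...
```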