> -----Original Message-----
> From: Thomas Tonino [mailto:ttonino@users.sf.net]
> Sent: Tuesday, July 29, 2003 11:32 PM
>
> Kevin Reed wrote:
> > [Used the wrong email address, try it again]
> >
> > Noticed that I was getting pounded by an IP after a drop in
> one of my
> > HELO ACL checks.
[snip]
> >
> > The ACL is...
> >
> > # Don't HELO with my IP!!!
> > drop message = You may not use an HELO of this
> system's IP
> > address
> > log_message = HELO of system's hostname
> > condition = ${if
> > eq{$sender_helo_name}{209.114.190.200}{yes}{no}}
> >
> > Other than blocking that IP, is there another way to deal
> with this?
> > I've seen this now several times on different IP's.
> >
>
> I think it is better to reject/drop at the RCPT stage - check
> the HELO
> in the RCPT ACL.
>
> Also, use a 'delay =' modifier. In combination with a limited
> number of
> connections per IP this will limit the 'hammering'.
I moved the the same as my IP and same as my hostname HELO ACL's to the RCPT
ACL section and then added a 30s delay and made it a deny although I think
drop and deny both do the same thing... The same host came calling a while
later but didn't seem to want to play anymore. It tried a couple times and
gave up.
BTW... I counted wrong... I said is was about 1000... It was more than
10,000. :-)
Thanks for the Tip!
