My server has been tied up with connections from servers attempting to do
dictionary attacks for most of the last 24 hours, eating up my disk space
with reject logs and wasting my bandwidth... Here is what I would like to
do, and hope there's an FAQ or HOWTO or something that can help me... I'm
running Exim 4.22 with Exiscan-ACL...
I would like to allow no more than 10 invalid recipients per connection.
After each invalid recipient, take a minute longer to respond... up to 10
minutes before finally dropping the connection.
After dropping a connection due to invalid recipients, refuse connections
from that IP address for 4-6 hours.
Any suggestions on a fairly simple way to implement this?
My exim -bV listing is as follows:
Exim version 4.22 #1 built 22-Aug-2003 13:08:45
Copyright (c) University of Cambridge 2003
Berkeley DB: Sleepycat Software: Berkeley DB 4.0.14: (November 18, 2001)
Support for: iconv() PAM TCPwrappers OpenSSL
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply pipe smtp
Configuration file is /etc/exim/exim.conf