Cory Daehn wrote:
> My server has been tied up with connections from servers attempting to do
> dictionary attacks for most of the last 24 hours, eating up my disk space
> with reject logs and wasting my bandwidth... Here is what I would like to
> do, and hope there's an FAQ or HOWTO or something that can help me... I'm
> running Exim 4.22 with Exiscan-ACL...
> I would like to allow no more than 10 invalid recipients per connection.

I thought this was FAQ by now. You can :)

> After each invalid recipient, take a minute longer to respond... up to 10
> minutes before finally dropping the connection.

You can set your own time.

> Exim version 4.22 #1

Same here.

> After dropping a connection due to invalid recipients, refuse
> connections from that IP address for 4-6 hours.

For that bit you'd have to write your own script (firewall?). However,
what Exim does already is better than "The Other MTA":

ACLs, under acl_check_rcpt:

  # Deny and teergrube if too many wrong recipients
  deny    message = Max $rcpt_fail_count failed recipients allowed
          condition = ${if >{$rcpt_fail_count}{10} {1}}
          ! verify = recipient
          delay = ${eval: ($rcpt_fail_count) * 60}s
          log_message = $rcpt_fail_count failed recipient attempts

--Tonni
--
Tony Earnshaw
Looking backwards is always easy with hindsight
http://www.billy.demon.nl
Mail: tonni@???
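
Added example, not part of the original post and not Exim's own code: a sketch of the "write your own script" step, which reads reject-log lines carrying the log_message from the ACL above and lists the IP addresses still inside a block window. The log line layout, the 5-hour window, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

BLOCK_FOR = timedelta(hours=5)  # assumption: a value inside the 4-6 hours asked for

# Assumed log layout: "<date> <time> H=... [ip] ... rejected RCPT <addr>: N failed recipient attempts"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r".*?\[(?P<ip>[0-9a-fA-F.:]+)\].*"
    r"rejected RCPT .*: (?P<n>\d+) failed recipient attempts\s*$"
)

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE_LOG = """\
2003-10-20 09:58:02 H=(mx1) [192.0.2.10] F=<a@example.net> rejected RCPT <bob@example.org>: Unrouteable address
2003-10-20 10:00:00 H=(mx1) [192.0.2.10] F=<a@example.net> rejected RCPT <zed@example.org>: 11 failed recipient attempts
2003-10-20 10:12:00 H=(mx1) [192.0.2.10] F=<a@example.net> rejected RCPT <zoe@example.org>: 12 failed recipient attempts
2003-10-20 03:00:00 H=(old) [198.51.100.7] F=<b@example.net> rejected RCPT <amy@example.org>: 11 failed recipient attempts
2003-10-20 10:05:00 H=good.example.com [203.0.113.5] F=<c@example.com> rejected RCPT <typo@example.org>: Unrouteable address
"""

def blocked_until(log_text):
    """Map each offending IP to the time its block expires (latest hit + BLOCK_FOR)."""
    expiry = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ordinary rejects (a single typo'd address) never trigger a block
        seen = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        until = seen + BLOCK_FOR
        ip = m.group("ip")
        if ip not in expiry or until > expiry[ip]:
            expiry[ip] = until
    return expiry

def active_blocks(log_text, now):
    """Sorted list of IPs whose block has not yet expired at `now`."""
    return sorted(ip for ip, until in blocked_until(log_text).items() if until > now)

if __name__ == "__main__":
    # Fixed clock so the sample output is reproducible.
    for ip in active_blocks(SAMPLE_LOG, datetime(2003, 10, 20, 11, 0, 0)):
        print(ip)
```

The resulting list can be written to a file that a firewall rule set or an Exim host list reads; regenerating it periodically lets expired entries drop out.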