Re: [Exim] Different Teergrub/Dictionary Attack

Author: Sheldon Hearn
Date:  
To: Alan J. Flavell
CC: Exim users list
Subject: Re: [Exim] Different Teergrub/Dictionary Attack

On Fri, 12 Sep 2003 16:44:01 +0100, "Alan J. Flavell" wrote:

> As we discussed here recently, though, this approach (no matter what
> limit you set) permits of a trivial workaround for the spammers: they
> just have to use RSET.
>
> I was preparing to move towards counting in the call-wide acl_c
> variables... i.e. I had inserted a "warn" to find out what it would do,
> preparatory to using it instead of the existing checks - which are
> based on $rcpt_count (the number of attempted rcpt) and
> $recipients_count (the number of good recipients), [...]


Nice idea.

I'm using this in my acl_smtp_rcpt, and it's working quite well:

  #
  # Reject suspected dictionary attacks with lightweight teergrub.
  # ACL VARIABLES: acl_c0
  #
  warn    !verify       = recipient
          set acl_c0    = ${if !def:acl_c0 {1}{${eval:$acl_c0 + 1}}}
  drop    message       = too many unrouteable recipient addresses
          log_message   = too many unrouteable recipient addresses
          condition     = ${if >{$acl_c0}{4} {1}}
          hosts         = !127.0.0.1/32 : !10.0.0.0/24 : *
          delay         = 1m
  #


Thanks,
Sheldon.
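
Added illustration, not part of the original message and not Exim code: a small Python model of why a failure count kept for the whole connection (as with acl_c0 above) still trips when a client issues RSET between batches, while a count kept per message does not. The addresses and the `run_session` and `probing_client` helpers are constructed for the example; it assumes, as the thread states, that the per-message counters are cleared by RSET.

```python
# Simplified model (not Exim code) of the two counting scopes discussed above.
LIMIT = 4  # same threshold as the ACL's ">{$acl_c0}{4}"

VALID = {"alice@example.test", "bob@example.test"}  # constructed local users


def run_session(commands, scope):
    """Replay SMTP commands; return the number of the RCPT that is dropped, or None.

    scope="message":    failures counted per message, cleared by RSET/MAIL
    scope="connection": failures counted for the whole connection (acl_c0 style)
    """
    per_message = 0
    per_connection = 0
    rcpt_seen = 0
    for line in commands:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("RSET", "MAIL"):
            per_message = 0          # new transaction: per-message state is gone
        elif verb == "RCPT":
            rcpt_seen += 1
            addr = arg.split(":", 1)[1].strip().strip("<>").lower()
            if addr not in VALID:    # stands in for "!verify = recipient"
                per_message += 1
                per_connection += 1
            count = per_message if scope == "message" else per_connection
            if count > LIMIT:        # checked on every RCPT, like the drop statement
                return rcpt_seen
    return None


def probing_client(guesses, batch):
    """Constructed client that issues RSET after every `batch` recipient guesses."""
    cmds = ["EHLO probe.example.test"]
    for i, guess in enumerate(guesses):
        if i % batch == 0:
            cmds += ["RSET", "MAIL FROM:<>"]
        cmds.append(f"RCPT TO:<{guess}@example.test>")
    return cmds


if __name__ == "__main__":
    session = probing_client([f"user{n}" for n in range(12)], batch=4)
    print("per-message count drops at RCPT:", run_session(session, "message"))
    print("per-connection count drops at RCPT:", run_session(session, "connection"))
```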