Author: Alan J. Flavell
Date:
To: Exim users list
Subject: [Exim] Any defence against aggressive retries?

After experiencing some fairly aggressive retries (5-6 minute interval
over a period of over 12 hours, until it was noticed and hit on the
head) from the MTA of a major provider, I've been musing over whether
exim has any effective defence mechanisms against such misbehaviour.

Sure, this is not so bad as the hopelessly-broken MTAs that repeatedly
retry within seconds, but at least that behaviour is so extreme as to
justify an immediate blacklisting, whereas the 5-6 minute retries,
although in violation of the RFC requirements, are more in the nature
of a nuisance than a real denial of service, as long as there aren't
too many of them at the same time.

The cause of this particular incident (although the detailed cause is
maybe of little relevance to the actual problem) was their attempt to
send us mail (looked like MyDoom shrapnel, actually) from an alleged
envelope sender that can't be looked up in the DNS due to "connection
timed out; no servers could be reached" (lol365.com if you want to
know). Consequently, we would have failed this at RCPT time with a
4xx error.

Unfortunately, I know from past experience that we have some senior
users who consider that getting their incoming mail from this major
provider, cost what it may, is of more importance than any technical
issues, so I can't afford to simply blacklist the MTA on the grounds
of its violation of RFC retry rules, a.k.a. network abuse.

I suppose basically what I'm saying is that it would be nice to have a
way of detecting an aggressively-retrying MTA after 4xx, and, after a
while, hit the retries on the head with a 5xx, while not interfering
with the normal receipt of mail from it.
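
The policy asked for in the last paragraph, sketched as an added example (not part of the original post and not an Exim feature): deferrals are counted per (host, sender, recipient) triple, so only the message being hammered is escalated to 5xx and other mail from the same host is unaffected. The thresholds, the `RetryTracker` name and the sample addresses are assumptions; only the lol365.com domain and the 5-6 minute interval come from the post.

```python
# Added example: escalate 4xx to 5xx for a triple that is retried too fast.
# Thresholds and names are assumptions, not Exim settings.

MIN_INTERVAL = 30 * 60      # assumed: retries closer than 30 min are "aggressive"
MAX_FAST_RETRIES = 12       # assumed: tolerate this many before answering 5xx
FORGET_AFTER = 24 * 3600    # assumed: drop state for a triple idle this long


class RetryTracker:
    """Tracks deferrals per (host, sender, recipient) triple."""

    def __init__(self):
        self._state = {}    # triple -> (time of last deferral, fast-retry count)

    def on_deferral(self, host, sender, rcpt, now):
        """Call where RCPT would get a 4xx; returns the code to send instead."""
        key = (host, sender.lower(), rcpt.lower())
        last, fast = self._state.get(key, (None, 0))
        if last is None or now - last > FORGET_AFTER:
            fast = 0                      # first sighting, or stale state
        elif now - last < MIN_INTERVAL:
            fast += 1                     # came back sooner than policy allows
        else:
            fast = 0                      # well-behaved retry: start over
        self._state[key] = (now, fast)
        return 550 if fast >= MAX_FAST_RETRIES else 451


def simulate(interval, attempts, tracker=None):
    """Constructed traffic: one triple retried every `interval` seconds."""
    if tracker is None:
        tracker = RetryTracker()
    return [tracker.on_deferral("192.0.2.25", "x@lol365.com",
                                "user@example.org", n * interval)
            for n in range(attempts)]


if __name__ == "__main__":
    codes = simulate(330, 20)             # 5.5-minute retries, as in the post
    print("first 550 at attempt", codes.index(550) + 1)
```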