Re: [Exim] caching HELO/EHLO data

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMOllie Cook at <-
.M 
Delete this message
Reply to this message
Author: Ollie Cook
Date:  
To: exim-users
Subject: Re: [Exim] caching HELO/EHLO data
On Wed, Mar 03, 2004 at 11:04:48AM +0000, Ollie Cook wrote:
> I have rolled a patch against Exim 4.30 to detect hosts who identify
> themselves using different HELO/EHLO arguments over time, since this helps
> detect two patterns of spam software that we see at our site:

*snip*

Readers may be interested to know that, having used this patch in combination
with an ACL to introduce a delay into SMTP conversations with hosts whose
EHLO/HELO strings change, our site has significantly reduced the volume of mail
received from malware SMTP engines.

The patch is available from:

http://www.olliecook.net/projects/eximpatches/exim-4.30-helo-cache.diff

Cheers,

Ollie 

--
Oliver Cook    Systems Administrator, Claranet UK
ollie@???               +44 20 7903 3065



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[Exim] [patch] anti sorted dictionary attackRe: [Exim] exim and sql forwarding->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)