On Wed, Mar 03, 2004 at 11:04:48AM +0000, Ollie Cook wrote:
> I have rolled a patch against Exim 4.30 to detect hosts who identify
> themselves using different HELO/EHLO arguments over time, since this helps
> detect two patterns of spam software that we see at our site:
*snip*
Readers may be interested to know that, having used this patch in combination
with an ACL to introduce a delay into SMTP conversations with hosts whose
EHLO/HELO strings change, our site has significantly reduced the volume of mail
received from malware SMTP engines.
The patch is available from:
http://www.olliecook.net/projects/eximpatches/exim-4.30-helo-cache.diff
Cheers,
Ollie
--
Oliver Cook Systems Administrator, Claranet UK
ollie@??? +44 20 7903 3065
