Re: [Exim] ACL Spam Rejection Tricks

Top Page
Delete this message
Reply to this message
Author: Steve Lamb
Date:  
To: 'Exim Users'
Subject: Re: [Exim] ACL Spam Rejection Tricks
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--
Alan J. Flavell wrote:
> I -have- tried it, and it's a mixed blessing. I was motivated to do
> so after a spate of what appeared to be "dictionary scanning" via open
> relays/proxies. They would open an SMTP call and grind their way down
> typically two or three dozen addresses in alphabetical order, close
> the call, and then open another one, typically via a different open
> relay, and grind down another two or three dozen addresses.


    I was initially going to blacklist those but then I decided just to do a
basic teergrube on them.


  accept domains = +local_domains
         endpass
         message = unknown user
         verify = recipient
         delay = 20s


    I also have an ACL in there that limits them to 20 per attempt.  Ties them
up for just shy of 7m and my site is small enough I have connections to spare.
 I figure anyone else who's hitting my site and innocently hits a bad address
won't be harmed too much by 20s.


--
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
       PGP Key: 8B6E99C5       | main connection to the switchboard of souls.
-------------------------------+---------------------------------------------
--
Content-Description: OpenPGP digital signature


[ signature.asc of type application/pgp-signature deleted ]
--