I know we all have a fantasy that these delays actually slow down
spammers - but - in reality - I doubt it make any difference at all. But
- if someone wants to prove me wrong that would be great.
Christian Stiller wrote:
> Hi,
>
> I have been playing around with delaying smtp connections instead of
> just rejecting them if they are clearly spam (simplest case: HELO with
> my own IP address). Now I got a couple of questions about this. I'm
> not a total exim beginner, but as you might see from my questions I'm
> far from expert level, and this areas is kinda new for me. I read a
> lot about this on the web, but still don't quite get it...
>
>
> - when an ACL hits a delay (e.g. bad HELO), there won't be any message
> in the logfile until the delay is over. Is there any way to make exim
> generate a message in the logfile like "bad HELO, delaying for x
> minutes" as soon as the condition is hit, and not after the delay?
> That way, not only could I see what's going on, but also how long I am
> effectively holding up the spammer.
>
> - it seems like executing "exiwhat" will cancel all current delays.
> E.g., when I delay for 5 minutes, but someone runs exiwhat 10 seconds
> into the delay, exim seems to go on with this connection instead of
> waiting till the 5 minutes are over. Is this intended? Is there any
> other tool I could use that does keep the delays "running"?
>
> - I have read about sending "continuation lines" instead of just
> delaying. What's the benefit of this? And then: How do I do that?
>
> - For delays that I don't use "just in case because something does not
> look right" but for connections that I KNOW I will reject anyway, is
> there something to just "drop" the connection? Basically the spam
> server would wait for my reponse either way, but opposed to an
> "infinite delay" a "just don't care about that connection anymore"
> might free up resources
>
> - When I delay for 5 minutes before rejecting, and the client just
> closes the connection right away (like me closing the telnet window),
> it seems like exim still waits the 5 minutes and then writes his
> logfile. Any chance to catch the fact that the other side dropped? I
> guess not since the other side is only waiting (is this where
> continuation lines come into play?)
>
>
> Thanks a lot for helping me out!
>
> Christian
>