> -----Original Message-----
> From: Gururajan Ramachandran [mailto:gururajan20815@yahoo.com]
> Can I check for the type of spam where an email is
> sent
> to a bunch of recipients with many non-existent
> addresses? I would like to use the threshold of say
> three non-existent email addresses or something like
> that and reject the email on that basis. Is something
> like this in the online manual. I looked but was
> probably looking on the wrong places.
In Exim 4, I use this in the RCPT ACL:
# "Rumplestiltskin attack" rejection -- after the fifth bad recipient,
# the connection is dropped.
drop condition = ${if >{$rcpt_fail_count}{5}{1}{0}}
message = Too many bad recipients.
Another options is to throw in "delay" modifiers after a certain number of
bad recipients, to slow them down. I did that for a while, but ultimately
decided I'd rather just drop the connection.
