Re: [exim] Brute Force Address Detection

Author: Tony Finch
Date:  
To: Nick Miller
CC: exim-users
Subject: Re: [exim] Brute Force Address Detection
On Tue, 3 May 2005, Nick Miller wrote:
>
> Is there any way to configure exim to block a host after x number of
> failed rcpt attempts?


The Exim specification says:

As a more realistic example, in an ACL you might have

     deny   message = Too many bad recipients
            condition =                    \
              ${if and {                   \
                {>{$rcpt_count}{10}}       \
                {                          \
                <                          \
                  {$recipients_count}      \
                  {${eval:$rcpt_count/2}}  \
                }                          \
              }{yes}{no}}


The condition is true if there have been more than 10 RCPT commands and
fewer than half of them have resulted in a valid recipient.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
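
The condition quoted above, replayed over constructed RCPT sequences to show when it first fires. This is an added example, not part of the original message or of Exim; it is a Python model that assumes the deny statement is evaluated before recipient verification in the RCPT ACL, that $rcpt_count already includes the current command, and that $recipients_count holds the recipients accepted so far in the current message. The names condition, simulate and SESSIONS are hypothetical.

```python
THRESHOLD = 10  # the "10" in {>{$rcpt_count}{10}}


def condition(rcpt_count, recipients_count):
    """Model of the ${if and{...}} test; ${eval:...} does integer division."""
    return rcpt_count > THRESHOLD and recipients_count < rcpt_count // 2


def simulate(valid_flags):
    """Replay the RCPT commands of one message.

    valid_flags[i] is True when the i-th RCPT names an existing mailbox.
    Returns (first RCPT number denied by the rule or None,
             recipients accepted, RCPTs denied by the rule).
    """
    rcpt_count = recipients_count = denied = 0
    first = None
    for valid in valid_flags:
        rcpt_count += 1                      # counts the current RCPT too
        if condition(rcpt_count, recipients_count):
            denied += 1                      # "Too many bad recipients"
            if first is None:
                first = rcpt_count
            continue                         # a denied RCPT is never accepted
        if valid:
            recipients_count += 1            # later ACL statements accept it
    return first, recipients_count, denied


# Constructed sample sessions (not taken from any real log).
SESSIONS = {
    "all guesses":            [False] * 20,
    "all valid":              [True] * 20,
    "alternating, bad first": [False, True] * 10,
    "8 valid then guesses":   [True] * 8 + [False] * 12,
}

if __name__ == "__main__":
    for name, flags in SESSIONS.items():
        first, accepted, denied = simulate(flags)
        print(f"{name:24} first deny at RCPT {first}, "
              f"accepted {accepted}, denied by rule {denied}")
```

In this model the rule stays tripped for the rest of the message once it fires, because denied recipients no longer raise the accepted count while the RCPT count keeps growing.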