RE: [exim] exim allowed someone to slam my mail server for 3…

Author: Matt Sealey
Date:  
To: 'Michael Sprague', exim-users
CC: 
Subject: RE: [exim] exim allowed someone to slam my mail server for 3 hours


> -----Original Message-----
> From: exim-users-bounces@???
> [mailto:exim-users-bounces@exim.org] On Behalf Of Michael Sprague
> Sent: Monday, June 27, 2005 2:19 PM
> To: exim-users@???
> Subject: Re: [exim] exim allowed someone to slam my mail
> server for 3 hours
>
> abc@??? wrote:
> > What happened here? I thought Exim is supposed to
> >
> > 2005-06-26 07:25:44 H=(buzz) [200.101.127.102] F=<dwnj_meka_r_z_w@???> rejected RCPT <madeye@???>: host 200.101.127.102 is listed in brazil.blackholes.us
> > 2005-06-26 07:25:46 H=(buzz) [200.101.127.102] F=<dwnj_meka_r_z_w@???> rejected RCPT <madeye@???>: host 200.101.127.102 is listed in brazil.blackholes.us
> >
>
> Sure. You can put something like this in your rcpt ACL:
>
> drop
>    condition      = ${if > {${eval:$rcpt_fail_count}}{3}{true}{false}}
>    message        = Too many failed recipients - count = $rcpt_fail_count
>
> This will drop the connection after 3 bad rcpt to's are done.


Right, but they can just disconnect and reconnect to work around
that.

I don't see any evidence that these thousands of failures were
one single unbroken connection. How would you fix up Exim to
handle someone doing real reconnects, a new session each time?

--
Matt Sealey <matt@???>
Manager, Genesi, Developer Relations
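
Added example, not part of the original message and not Exim's own code: $rcpt_fail_count starts again with every new connection, so this sketch counts rejected RCPTs per source address from main-log lines of the shape quoted above, which keeps the tally across reconnects. The function names, the threshold, the window and the sample lines (documentation addresses, example.invalid domains) are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Main-log rejection line, in the shape quoted in the thread:
# "<date> <time> H=(helo) [ip] F=<sender> rejected RCPT <rcpt>: reason"
REJECT_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r".*?\[([0-9A-Fa-f.:]+)\].* rejected RCPT "
)

def hosts_over_limit(lines, limit=3, window=timedelta(minutes=10)):
    """Return {ip: peak count} for hosts with more than `limit` rejected
    RCPTs inside any sliding `window`, however many SMTP connections the
    rejections were spread over. Lines must be in log (time) order."""
    recent = defaultdict(deque)  # ip -> rejection times still in the window
    peak = {}
    for line in lines:
        m = REJECT_RE.match(line)
        if not m:
            continue  # deliveries, completions, other log lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while ts - q[0] > window:  # expire entries older than the window
            q.popleft()
        if len(q) > limit:
            peak[m.group(2)] = max(peak.get(m.group(2), 0), len(q))
    return peak

def reject_line(ts, ip):
    # Builds one constructed log line; every value here is made up.
    return (f"{ts} H=(buzz) [{ip}] F=<s@example.invalid> rejected RCPT "
            f"<r@example.invalid>: host {ip} is listed in dnsbl.example.invalid")

# Constructed sample: 192.0.2.10 is rejected five times in 14 seconds.
SAMPLE = [
    reject_line("2005-06-26 07:25:44", "192.0.2.10"),
    reject_line("2005-06-26 07:25:46", "192.0.2.10"),
    reject_line("2005-06-26 07:25:49", "198.51.100.7"),
    reject_line("2005-06-26 07:25:51", "192.0.2.10"),
    "2005-06-26 07:25:52 1DmXyZ-0001Ab-2c Completed",
    reject_line("2005-06-26 07:25:53", "192.0.2.10"),
    reject_line("2005-06-26 07:25:58", "192.0.2.10"),
    reject_line("2005-06-26 07:40:00", "198.51.100.7"),
]

if __name__ == "__main__":
    print(hosts_over_limit(SAMPLE))
```

The returned addresses are candidates for a host-level block outside the SMTP session, for example a deny list or a firewall rule.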