> -----Original Message-----
> From: exim-users-bounces@???
> [mailto:exim-users-bounces@exim.org] On Behalf Of Michael Sprague
> Sent: Monday, June 27, 2005 2:19 PM
> To: exim-users@???
> Subject: Re: [exim] exim allowed someone to slam my mail
> server for 3 hours
>
> abc@??? wrote:
> > What happened here? I thought Exim is supposed to
> >
> > 2005-06-26 07:25:44 H=(buzz) [200.101.127.102]
> > F=<dwnj_meka_r_z_w@???> rejected RCPT
> <madeye@???>:
> > host 200.101.127.102 is listed in brazil.blackholes.us
> > 2005-06-26 07:25:46 H=(buzz) [200.101.127.102]
> > F=<dwnj_meka_r_z_w@???> rejected RCPT
> <madeye@???>:
> > host 200.101.127.102 is listed in brazil.blackholes.us
> >
>
> Sure. You can put something like this in your rcpt ACL:
>
> drop
> condition = ${if > {${eval:$rcpt_fail_count}}{3}{true}{false}}
> message = Too many failed recipients - count =
> $rcpt_fail_count
>
> This will drop the connection after 3 bad rcpt to's are done.
Right but they can just disconnect and reconnect to work around
that.
I don't see any evidence that these thousands of failures were
one single unbroken connection. How would you fix up Exim to
handle someone doing real reconnects, a new session each time?
--
Matt Sealey <matt@???>
Manager, Genesi, Developer Relations