Author: Marilyn Davis Date: To: Mark Smith CC: 'Exim Mailing List' Subject: RE: [exim] exim allowed someone to slam my mail server for 3 hours
On Mon, 27 Jun 2005, Mark Smith wrote:
>
> > I just added this and I tested it from a yahoo account by
> > sending to 4 addresses on my domain, 3 of which are bogus.
> >
> > Yahoo makes 4 connections:
> >
> > 10800 Listening...
> > 10800 Connection request from 68.142.206.160 port 43138 10800
> > 1 SMTP accept process running 10800 Listening...
> > 10800 Connection request from 68.142.206.160 port 43139 10800
> > 2 SMTP accept processes running 10800 Listening...
> > 10800 Connection request from 68.142.206.160 port 43140 10800
> > 3 SMTP accept processes running 10800 Listening...
> > 10800 Connection request from 68.142.206.160 port 43141 10800
> > 4 SMTP accept processes running 10800 Listening...
> >
> > So, that's disappointing. The spammer has to cooperate?
> >
> > Marilyn Davis
> >
> The only way to deal with that is to set smtp_accept_max_per_host = 1.
Thank you. But it doesn't seem to fix anything, it just takes longer
because the other connections are delayed. But the result is the
same. $rcpt_count never gets above 1.
Now, why would yahoo only send one RCPT per connection when 4
addresses to the same domain are on the same message? What is the
benefit of doing that -- aside from facilitating spam from their
addresses?