RE: [exim] exim allowed someone to slam my mail server for 3…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Marilyn Davis
Date:  
À: Mark Smith
CC: 'Exim Mailing List'
Sujet: RE: [exim] exim allowed someone to slam my mail server for 3 hours
On Mon, 27 Jun 2005, Mark Smith wrote:

>
> > > The only way to deal with that is to set
> > smtp_accept_max_per_host = 1.
> >
> > Thank you. But it doesn't seem to fix anything, it just
> > takes longer because the other connections are delayed. But
> > the result is the same. $rcpt_count never gets above 1.
>
> That's true. All it does is slow them down and stop them sending to more
> than one recipient at a time, some of which will fail and some won't (if
> they're carrying out a dictionary attack). It just gives you more time to
> notice what they're doing and block them before they manage to send you
> hundreds of spam emails.


But I'd rather that they pump up the $rcpt_failed_count so I can drop
them based on that, wouldn't I? Then they wouldn't get any mail into
my machine.

> >
> > Now, why would yahoo only send one RCPT per connection when 4
> > addresses to the same domain are on the same message? What
> > is the benefit of doing that -- aside from facilitating spam
> > from their addresses?
> >
>
> I've wondered this myself. There seems to be quite a few mailservers out
> there that do this.


Hmmm. Very curious indeed.

Thank you.

Marilyn

>
> - Mark
>
>
>


--