Re: [exim] exim allowed someone to slam my mail server for 3…

Author: Peter Bowyer
Date:  
To: exim-users
CC: dot
Subject: Re: [exim] exim allowed someone to slam my mail server for 3 hours
On 28/06/05, Tony Finch <dot@???> wrote:
> On Mon, 27 Jun 2005, Peter Bowyer wrote:
> >
> > My next enhancement is to count invalid recipients across connections
> > from a single IP, and DNSBL the connecting IP once it reaches a
> > threshold.
>
> You could use the ratelimit feature in 4.52 to do this.


I've looked at doc/NewStuff in the 4.52 snapshot, there's lots of good
things there, and notably, lots contributed by developers other than
'PH' - which has to be healthy (meant in a constructive way, of
course....). Thanks to all involved.

If I were only dealing with a single server I can see how I could use
the new ratelimit features, but my situation requires monitoring of
client behaviour and application of controls across a group of
geographically-separate servers. We've observed that dictionary spams
are agile across all the MXs for a domain, presumably in an attempt to
avoid tripping ratelimit-style controls, so we need to aggregate
behaviour from a single client across all the MXs.

I'm sure the ratelimit stuff can help do some of the detection work,
though... I'll have a decent look at it.

Peter

--
Peter Bowyer
Email: peter@???
Tel: +44 1296 768003
VoIP: sip:peter@???
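
The cross-MX aggregation described in the message above, as an added example that is not part of the original post and not Exim code: reject lines collected from several MXs are merged, invalid recipients are counted per client IP in a sliding window, and any IP reaching the threshold is turned into a DNSBL record name. The log lines are constructed in the style of Exim's mainlog, and the threshold, window, function names and the zone `bl.example.invalid` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: (MX that logged it, Exim-style mainlog line). Not real traffic.
SAMPLE = [
    ("mx1", "2005-06-28 10:00:01 H=(x) [192.0.2.10] F=<a@example.net> rejected RCPT <aaron@example.org>: Unknown user"),
    ("mx2", "2005-06-28 10:00:40 H=(x) [192.0.2.10] F=<a@example.net> rejected RCPT <abby@example.org>: Unknown user"),
    ("mx3", "2005-06-28 10:01:15 H=(x) [192.0.2.10] F=<a@example.net> rejected RCPT <adam@example.org>: Unknown user"),
    ("mx1", "2005-06-28 10:02:30 H=(x) [192.0.2.10] F=<a@example.net> rejected RCPT <alan@example.org>: Unknown user"),
    ("mx2", "2005-06-28 10:03:00 H=(y) [198.51.100.7] F=<b@example.net> rejected RCPT <typo@example.org>: Unknown user"),
    ("mx2", "2005-06-28 10:03:05 1DnABC-0001ab-2C <= b@example.net H=(y) [198.51.100.7] P=smtp S=1200"),
]

# Timestamp, bracketed client IPv4 address, then a recipient rejection.
REJECT = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?\[([0-9.]+)\].* rejected RCPT <")

def offenders(records, threshold=4, window=timedelta(minutes=10)):
    """Return {client_ip: set of MXs} for clients whose rejected-recipient
    count, summed over every MX, reaches `threshold` within `window`."""
    events = []
    for mx, line in records:
        m = REJECT.match(line)
        if m:  # deliveries and other log lines are ignored
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), mx))
    events.sort()  # merge the per-MX logs into one timeline
    recent = defaultdict(deque)  # ip -> rejects still inside the window
    flagged = {}
    for ts, ip, mx in events:
        q = recent[ip]
        q.append((ts, mx))
        while ts - q[0][0] > window:  # drop rejects older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(ip, set()).update(name for _, name in q)
    return flagged

def dnsbl_name(ip, zone="bl.example.invalid"):
    """DNSBL lookups use the IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

if __name__ == "__main__":
    for ip, mxs in offenders(SAMPLE).items():
        print(dnsbl_name(ip), "seen on", sorted(mxs))
```

In the sample, no single MX sees more than two rejects from 192.0.2.10, so a per-server counter with the same threshold stays quiet while the merged view flags it.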