SOLVED Re: [exim] slowing spammers with iptables -m recent

Author: Tony Godshall
Date:  
To: Haakon Eriksen
CC: Exim users list
Old-Topics: Re: [exim] slowing spammers with iptables -m recent
New-Topics: SOLVED(2) Re: [exim] slowing spammers with iptables -m recent
Subject: SOLVED Re: [exim] slowing spammers with iptables -m recent
According to Haakon Eriksen,
> Tony Godshall <togo@???> writes:
>
> > Hi folks.
> >
> > Symptom: tons of "Unroutable address" logs like this in
> > my /var/log/exim4/mainlog...
> >
> > 2005-11-22 12:34:53 H=adsl-63-195-120-242.dsl.snfc21.pacbell.net
> > (thesitefights.com) [63.195.120.242]
> > F=<connie.cisneros_qx@???> rejected RCPT
> > <middleton@???>: Unrouteable address
> >
> >   #reject for 40 seconds each time we get a smtp_penalty_box hit
> >   iptables -A INPUT \
> >     -m recent --name smtp_penalty_box --rcheck --seconds 40 \
> >     -j DROP
>
> We do something not entirely unlike this with an ACL.
>
> defer condition = ${if and {{! def:acl_c2} \ 
>                             {> {$rcpt_count} {5}} \
>                             {< {$recipients_count} {${eval:$rcpt_count/2}}\
>                               } \
>                            } {yes} {no}\
>                     }
>           log_message   = Excessive invalid addresses
>           delay         = 45s
>
> The variable acl_c2 is set when the user is authenticated.
>
> If you're starved for resources you might not want to do this since
> you might be holding on to a lot of connection from spammers. We
> haven't found this to be much of a problem, however, since I suspect
> that a lot of spammers break the connection when they're not allowed
> to send mail at the rate they want.
>
> I think this is a neat trick, but I can't take credit for it. Kjetil
> Homme is the one that came up with it.


Outstanding. Thank you sir.

Best Regards,

Tony
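
The condition in the quoted ACL can be traced over a message's RCPT commands, as in the following added example, which is not part of the original thread and is a model rather than Exim code. It assumes the defer statement runs before recipient verification; `penalty_applies` and `simulate_message` are hypothetical names.

```python
# Added illustration: models the quoted RCPT ACL condition, not Exim itself.
DELAY_SECONDS = 45      # "delay = 45s" in the quoted ACL
MIN_RCPT_COUNT = 5      # "{> {$rcpt_count} {5}}"


def penalty_applies(rcpt_count, recipients_count, authenticated):
    """Mirror of the quoted condition.

    rcpt_count       -- RCPT commands seen for this message, current one included
    recipients_count -- recipients accepted so far
    authenticated    -- stands in for acl_c2 being set
    """
    return (not authenticated
            and rcpt_count > MIN_RCPT_COUNT
            and recipients_count < rcpt_count // 2)  # ${eval:} is integer math


def simulate_message(rcpt_is_valid, authenticated=False):
    """Walk one message's RCPT commands; return (outcomes, total_delay_seconds).

    Assumption: the defer statement runs before recipient verification, so a
    deferred RCPT is never added to recipients_count.
    """
    outcomes, delay, accepted = [], 0, 0
    for rcpt_count, valid in enumerate(rcpt_is_valid, start=1):
        if penalty_applies(rcpt_count, accepted, authenticated):
            outcomes.append("defer")
            delay += DELAY_SECONDS
        elif valid:
            outcomes.append("accept")
            accepted += 1
        else:
            outcomes.append("reject")
    return outcomes, delay


if __name__ == "__main__":
    # Constructed sessions: True = routable recipient, False = unrouteable.
    sessions = {
        "dictionary run, 10 bad": [False] * 10,
        "8 good recipients": [True] * 8,
        "5 bad then 5 good": [False] * 5 + [True] * 5,
        "3 good then 5 bad": [True] * 3 + [False] * 5,
    }
    for name, rcpts in sessions.items():
        outcomes, delay = simulate_message(rcpts)
        print(f"{name}: {outcomes} total delay {delay}s")
```

Under that assumption, a sender that trips the condition stays deferred for the rest of the message, because deferred RCPTs raise `$rcpt_count` but never `$recipients_count`.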