According to Haakon Eriksen,
> Tony Godshall <togo@???> writes:
>
> > Hi folks.
> >
> > Symptom: tons of "Unroutable address" logs like this in
> > my /var/log/exim4/mainlog...
> >
> > 2005-11-22 12:34:53 H=adsl-63-195-120-242.dsl.snfc21.pacbell.net
> > (thesitefights.com) [63.195.120.242]
> > F=<connie.cisneros_qx@???> rejected RCPT
> > <middleton@???>: Unrouteable address
> >
> > #reject for 40 seconds each time we get a smtp_penalty_box hit
> > iptables -A INPUT \
> > -m recent --name smtp_penalty_box --rcheck --seconds 40 \
> > -j DROP
>
>
> We do something not entirely unlike this with an ACL.
>
> defer condition = ${if and {{! def:acl_c2} \
> {> {$rcpt_count} {5}} \
> {< {$recipients_count} {${eval:$rcpt_count/2}}\
> } \
> } {yes} {no}\
> }
> log_message = Excessive invalid addresses
> delay = 45s
>
> The variable acl_c2 is set when the user is authenticated.
>
> If you're starved for resources you might not want to do this since
> you might be holding on to a lot of connection from spammers. We
> haven't found this to be much of a problem, however, since I suspect
> that a lot of spammers break the connection when they're not allowed
> to send mail at the rate they want.
>
> I think this is a neat trick, but I can't take credit for it. Kjetil
> Homme is the one that came up with it.
Outstanding. Thank you sir.
Best Regards,
Tony
