[exim] Check for rcpt_fail_count not working all the time?

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: srunschke
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: [exim] Check for rcpt_fail_count not working all the time?
Hi,

with the current mass-spamming of Sober.AG I noticed in the logs that we
get tons of mails with wrong recipients which get denied. But actually I
added a rule for dropping connections with too many false recipients
a long time ago and now I noticed that it does not seem to work correctly.
I can't find the reason for it not working though.

When using exim -bhc for testing, the connection gets dropped
at the fifths wrong recipient - while exim claims it's the fourth...
*cough* ;)
This is done by doing a repeated "rcpt to: abc@???" at the
prompt. Does the virus use another way of addressing multiple
accounts and does exim not recognize that? And does exim "forget"
to take the first wrong recipient into account?

Our exim servers are running as in- and outgoing relay for our outer
notes cluster, which then routes the mails further inside, hence I'm
doing a full callout on incoming mail, so non-existent addresses get
blocked at the relays. Even though all messages get blocked due
to non-existant addresses, they still produces countless lines of
logoutput which I would like to get rid of with dropping the connection
after 3 wrong recipients.

relay_to_domains contains all domains we are hosting and get
relayed inside via a notes cluster.

These are the check_rcpt acls:

accept hosts = :

  deny    message       = This email address is an automated process and 
not read. Please use abuse\\at\\abit.de if you need to contact the 
technical staff about a problem.
          domains       = +relay_to_domains
          local_parts   = valert


  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]


  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./


  accept  local_parts   = postmaster
          domains       = +local_domains : +relay_to_domains


# Deny unless the sender address can be verified.

  require verify        = sender


  accept  domains       = +local_domains
          endpass
          verify        = recipient


  drop    message     = REJECTED - Too many failed recipients - count = 
$rcpt_fail_count
          domains     = +relay_to_domains
          log_message = REJECTED - Too many failed recipients - count = 
$rcpt_fail_count
          condition   = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
          !verify     = recipient/callout=2m,defer_ok,use_sender


  deny    message   = REJECTED - Recipient Verify Failed - User Not Found
          domains   = +relay_to_domains
          !verify   = recipient/callout=2m,defer_ok,use_sender


  accept  domains       = +relay_to_domains
          endpass


  accept  hosts         = +relay_from_hosts


accept authenticated = *

  deny    message       = relay not permitted



Any help would be appreciated.

regards
        sash


--------------------------------------------------
Sascha Runschke
Netzwerk Administration
IT-Services

ABIT AG
Robert-Bosch-Str. 1
40668 Meerbusch

Tel.:+49 (0) 2150.9153.226
Mobil:+49 (0) 173.5419665
mailto:SRunschke@abit.de

http://www.abit.net
http://www.abit-epos.net
---------------------------------
Sicherheitshinweis zur E-Mail Kommunikation /
Security note regarding email communication:
http://www.abit.net/sicherheitshinweis.html