According to Tony Godshall,
> > > > #reject for 40 seconds each time we get a smtp_penalty_box hit
> > > > iptables -A INPUT \
> > > > -m recent --name smtp_penalty_box --rcheck --seconds 40 \
> > > > -j DROP
>
> ...
>
> > > We do something not entirely unlike this with an ACL.
> > >
> > > defer condition = ${if and {{! def:acl_c2} \
> ...
>
> > > If you're starved for resources you might not want to do this since
> > > you might be holding on to a lot of connection from spammers. We
> > > haven't found this to be much of a problem, however, since I suspect
> > > that a lot of spammers break the connection when they're not allowed
> > > to send mail at the rate they want.
> > >
> > > I think this is a neat trick, but I can't take credit for it. Kjetil
> > > Homme is the one that came up with it.
> >
> > Outstanding. Thank you sir.
>
> Turns out the wheel I was trying to invent is called
> "greylisting" and was already well invented and implemented
> in the form of greylistd...
>
> http://packages.debian.org/unstable/mail/greylistd
> http://projects.puremagic.com/greylisting/
>
> It doesn't tarball the spammers but it does slow bad actors
> and prioritize good actors. It's working great.
>
> Thanks all who responded.
>
> T
Doh. I meant tarpit, not tarball.
Greylisting doesn't have the altrustic component of the
other solution, but it also doesn't leave open connections,
which exim can run out of is one is not careful.
I'll shut up about this now.
:-/
Tony
