[exim] Use of delays

Author: W B Hacker
Date:  
To: exim users
Subject: [exim] Use of delays
This is not a recommendation, will not work for everyone, requires plentiful
machine resources, etc. ... disclaimer(n)

Caveats done, FWIW, which may be nothing at all..

.... here is an example of an 'instrumented' R&D server (verbose logging)
disposing of a parasite by simply outwaiting it:

========================================================================
2006-11-03 04:12:52 SMTP connection from [59.117.247.20]:1244
I=[203.194.153.83]:25 (TCP/IP connection count = 1)

2006-11-03 04:13:24 H=59-117-247-20.dynamic.hinet.net [59.117.247.20]:1244
I=[203.194.153.83]:25 Warning: C6 59.117.247.20 59-117-247-20.dynamic.hinet.net
Source hostname Blacklisted Hits = 1 Jailed! 32 seconds!

2006-11-03 04:13:56 H=59-117-247-20.dynamic.hinet.net [59.117.247.20]:1244
I=[203.194.153.83]:25 Warning: C7 59.117.247.20 59-117-247-20.dynamic.hinet.net
Source Name Brownlisted - Jailed! 32 seconds!

2006-11-03 04:14:28 H=59-117-247-20.dynamic.hinet.net [59.117.247.20]:1244
I=[203.194.153.83]:25 Warning: C8 Sender 59.117.247.20
59-117-247-20.dynamic.hinet.net in dynamic-IP Blacklist Hits = 1 Jailed! 32 seconds!

2006-11-03 04:15:01 H=59-117-247-20.dynamic.hinet.net [59.117.247.20]:1244
I=[203.194.153.83]:25 Warning: C9 59.117.247.20 59-117-247-20.dynamic.hinet.net
Blacklisted in (sbl-xbl.spamhaus.org) Hits = 2 Jailed! 32 seconds!

2006-11-03 04:15:01 SMTP connection from 59-117-247-20.dynamic.hinet.net
[59.117.247.20]:1244 I=[203.194.153.83]:25 lost

==========================================================================

The parasite, which has a valid-but-useless PTR record, BTW, despite being a
dynamic-IP adsl service, could have been nailed on any one of, or combination
of, the four faults in acl_smtp_connect alone (C6, C7, C8, C9 are acl
clauses). Black and Brown lists are local lookups, and very short lists.

This caller never entered the 'full' acl_smtp_helo phase, and our server was
never called upon to even give an online acl_smtp_connect rejection message.

It gave up and left of its own accord at T+ 2 minutes 9 seconds after arrival.

Many will not wait even 64 seconds, and some give up even sooner.

No panacea, just one more road to the gulag for the spambots.

YMMV,

Bill
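
One way to measure what the excerpt above shows, as an added example that is not part of the original post: it groups log entries by remote address and port, records which connect-time clauses fired, sums the announced delays, and reports how long the client was held before the connection was lost. The sample lines are constructed in the excerpt's format with documentation addresses, and the function and field names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample, one entry per line, modelled on the excerpt above.
# The "Cn ... Jailed! N seconds!" text is the post's custom warning message.
SAMPLE_LOG = """\
2006-11-03 04:12:52 SMTP connection from [192.0.2.20]:1244 I=[198.51.100.83]:25 (TCP/IP connection count = 1)
2006-11-03 04:13:24 H=dyn.example.net [192.0.2.20]:1244 I=[198.51.100.83]:25 Warning: C6 192.0.2.20 dyn.example.net Source hostname Blacklisted Hits = 1 Jailed! 32 seconds!
2006-11-03 04:13:56 H=dyn.example.net [192.0.2.20]:1244 I=[198.51.100.83]:25 Warning: C7 192.0.2.20 dyn.example.net Source Name Brownlisted - Jailed! 32 seconds!
2006-11-03 04:14:28 H=dyn.example.net [192.0.2.20]:1244 I=[198.51.100.83]:25 Warning: C8 Sender 192.0.2.20 dyn.example.net in dynamic-IP Blacklist Hits = 1 Jailed! 32 seconds!
2006-11-03 04:15:01 H=dyn.example.net [192.0.2.20]:1244 I=[198.51.100.83]:25 Warning: C9 192.0.2.20 dyn.example.net Blacklisted in (sbl-xbl.spamhaus.org) Hits = 2 Jailed! 32 seconds!
2006-11-03 04:15:01 SMTP connection from dyn.example.net [192.0.2.20]:1244 I=[198.51.100.83]:25 lost
2006-11-03 04:15:07 Start queue run: pid=4242
"""

TS = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ")
PEER = re.compile(r"\[([0-9A-Fa-f.:]+)\]:(\d+) I=")          # remote [ip]:port
JAIL = re.compile(r"Warning: (C\d+) .*Jailed! (\d+) seconds!")


def summarize(log_text):
    """Return {(ip, port): session} with clauses hit, delay total, hold time."""
    sessions = {}
    for line in log_text.splitlines():
        ts, peer = TS.match(line), PEER.search(line)
        if not (ts and peer):
            continue                      # not a per-connection entry
        when = datetime.strptime(ts.group(1), "%Y-%m-%d %H:%M:%S")
        s = sessions.setdefault(peer.groups(), {
            "start": when, "clauses": [], "delay": 0,
            "held": None, "outcome": "open"})
        jail = JAIL.search(line)
        if jail:
            s["clauses"].append(jail.group(1))
            s["delay"] += int(jail.group(2))
        elif line.rstrip().endswith(" lost"):
            # Client dropped the connection before any rejection was sent.
            s["held"] = int((when - s["start"]).total_seconds())
            s["outcome"] = "client gave up"
    return sessions


if __name__ == "__main__":
    for (ip, port), s in summarize(SAMPLE_LOG).items():
        print(ip, port, s["clauses"], f'delay={s["delay"]}s',
              f'held={s["held"]}s', s["outcome"])
```

Sessions are keyed on address and port only, so a busy log with source-port reuse would need an explicit session reset on each new "SMTP connection from" entry.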