Re: [exim] Rate Limit Question

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Rate Limit Question
Marc Perkel wrote:
> Trying to figure a good way to do some fancy rate limiting. What I'd
> like to do is test a rate limit without adding to the count.
>
> Here's the situation. I get a dictionary attack from an IP address. So
> what I want to do is count bad recipients so that every time I get a bad
> recitient from an IP address I add 1 to the count.
>
> In a separate ACL I want to look at the count and if it is greater than
> my limit I want to do a defer. But I don't want the defer test to affect
> the count. But I'm not seeing a way to test a count without adding to
> the count.
>
> The idea here is to have one ACL affect the count but a different ACL to
> test the cout without affecting it.
>
>


Dictionary attack, and you want to go out and play?

What's wrong with:

drop
 !verify = recipient
 delay     = JAILs


How often do you get a mixture of valid traffic for valid recipients and bogus
recipients in the same connection?

I haven't had any *this* year, though the year isn't over yet....

Shoot *that* messenger also.

At the front gate.

The MACRO for JAIL time is just gut-shooting and letting him bleed-out the few
things precious to a spambot.

A source IP stack with available capacity. And time.

Pretty low overhead.

Bill

'Beware the fury of a patient man' Dryden