Marc Perkel wrote:
> Trying to figure a good way to do some fancy rate limiting. What I'd
> like to do is test a rate limit without adding to the count.
>
> Here's the situation. I get a dictionary attack from an IP address. So
> what I want to do is count bad recipients so that every time I get a bad
> recipient from an IP address I add 1 to the count.
>
> In a separate ACL I want to look at the count and if it is greater than
> my limit I want to do a defer. But I don't want the defer test to affect
> the count. But I'm not seeing a way to test a count without adding to
> the count.
>
> The idea here is to have one ACL affect the count but a different ACL to
> test the count without affecting it.
>
>
Dictionary attack, and you want to go out and play?

What's wrong with:

    drop
      !verify = recipient
      delay = JAILs

How often do you get a mixture of valid traffic for valid recipients and bogus
recipients in the same connection?

I haven't had any *this* year, though the year isn't over yet....

Shoot *that* messenger also.
At the front gate.

The MACRO for JAIL time is just gut-shooting and letting him bleed-out the few
things precious to a spambot.

A source IP stack with available capacity. And time.

Pretty low overhead.

Bill

'Beware the fury of a patient man' Dryden
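
Added example, not part of the original thread: one way to keep counting and testing separate, as the quoted question asks, assuming an Exim release whose `ratelimit` condition accepts the `readonly` option. The limit of 5, the 1h period, the `badrcpt:` key prefix and the ACL name are illustrative assumptions, and the fragment omits the relay and domain checks a real recipient ACL needs.

```exim
# Constructed fragment for illustration; values are assumptions, not from the thread.
# Both ratelimit conditions use the same period, the same per_rcpt option and
# the same key, so they refer to the same rate record.

acl_check_rcpt:

  # Test only: "readonly" compares the stored rate with the limit and
  # leaves the count unchanged. Once the host is over the limit it is
  # deferred here, before the counting statement below is reached.
  defer  ratelimit   = 5 / 1h / per_rcpt / readonly / badrcpt:$sender_host_address
         message     = Too many unknown recipients, try again later
         log_message = bad-recipient rate $sender_rate/$sender_rate_period \
                       (limit $sender_rate_limit)

  # Count only: conditions are evaluated in order, so the ratelimit
  # condition (and its update of the count) runs only when recipient
  # verification has failed. "warn" never ends the ACL, so this
  # statement records the event and nothing else.
  warn   !verify     = recipient
         ratelimit   = 5 / 1h / per_rcpt / strict / badrcpt:$sender_host_address
         log_message = bad-recipient limit reached for $sender_host_address

  # The bad recipient itself is still refused.
  deny   !verify     = recipient
         message     = Unknown user

  # ... remaining recipient checks (relay control, local domains) go here ...
```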