Re: [exim] HELO delays

Top Page
Delete this message
Reply to this message
Author: Clive Goodhead
Date:  
To: exim-users
Subject: Re: [exim] HELO delays
>
>
> --On 10 November 2006 10:31:38 +0000 Clive Goodhead

<clive@???> wrote:
>
> > For some months now we have used a HELO ACL to delay by
> > 35 seconds all connections with suspicious looking HELOs.
> > This is very effective at reducing the amount of spam
> > that our servers receive, while not preventing "real"
> > email getting through, because much of the current
> > spamming software seems to drop the connection during the
> > delay period.
>
> Is 35 seconds really necessary? It will fall foul of sender

verification
> callouts, preventing you from sending messages to hosts that call

out with
> suspicious looking HELOs.
>
> Have you experimented with shorter delays? Putting the delay at

pre-data,
> so that you can exempt your postmaster address?
>


Thank you for a prompt reply. Ironically, our postmaster
addresses are the chief beneficiaries of our approach. For
those who wish to have it we have reasonable spam filtering
in place. We do not, however, apply filters to our postmaster
and abuse addresses, even though we now receive hundreds of
spams to the postmaster addresses; some spammers now seem to
add a postmaster address to the recipients presumably in the
hope that the whole lot will get whitelisted.

I have to admit I had not thought about sender verification
as it is something that we ourselves have taken the decision
not to use. I would hope, however, that people who know how
to use it could set up their servers to HELO properly. We did
do tests on the delay period and 30 seconds did not prove to
be quite enough.

> Of course, the only resources you need to worry about are process

count
> (some systems have limits to the number of concurrent processes, so

you
> should find out what your limit is), and RAM. The waiting process

won't
> actually do any processing, disk access or network access.


I can use the logs to estimate the numbers of delayed processes
and thus investigate whether process limits will be a problem.
Do you have any ideas, however, on how I can find out how much
RAM a delayed process will use? We use Exim 4.63 and FreeBSD 4.11
on our current production servers.

>
> > As our mail volumes get higher, however, I am beginning to
> > be concerned about the load that all these delayed
> > connections will place on our servers. At the moment it
> > does not appear to be an issue, but I am looking for advice
> > on whether or not it is likely to become a problem.
> >
> > Regards
> >
> > Clive Goodhead
> > --
> > ------------------------------------------------------------
> > Cornwall Internet Limited
> > Registered in England, registered number 3387326.
> > Registered office: Montaza, Fore Street, Goldsithney,
> > Penzance, Cornwall, UK.
> > ------------------------------------------------------------
>
>
>
> --
> Ian Eiloart
> IT Services, University of Sussex
>
>