Re: [exim] HELO delays

Steffen Heil wrote:
> Hi
>
>> For some months now we have used a HELO ACL to delay by
>> 35 seconds all connections with suspicious looking HELOs.
>
> Looks a little long for me.
>
>> This is very effective at reducing the amount of spam that
>> our servers receive, while not preventing "real"
>> email getting through, because much of the current spamming
>> software seems to drop the connection during the delay period.
>
> That's not what I am seeing.
> However, a lot of spammers don't wait for the servers hello.
> So I have 5s delay AND synchroization enforced and I see a lot of
>> 554 SMTP synchronization error
> And those (propable spammer) connections are then dropped *on my side*.
>
>> As our mail volumes get higher, however, I am beginning to be
>> concerned about the load that all these delayed connections
>> will place on our servers. At the moment it does not appear
>> to be an issue, but I am looking for advice on whether or not
>> it is likely to become a problem.
>
> I would not think this is such a big problem as long as you allow
> pipelining.
> (Delay then only occurs for the first mail.)
>
> That may interfer with greylisting though.
>
> Regards,
> Steffen
>

But specifically NOT allowing pipelining (and enforcing sync) tosses off a whole
'nuther class of spambots.

Not fussed, as we only apply delay to rDNS-fail arrivals in acl_smtp_connect,
then to HELO-fail arrivals (same folks again) in acl-smtp_helo.

Bill