Dmitry Pryadko wrote:
> Here's what I see in logs sometimes when relaying mail from my CGP
> backend through exim-based relay server:
> 2006-12-11 10:50:23 SMTP call from mail.hw.ru [194.67.32.240]:43236
> I=[194.186.94.241]:25 dropped: too many nonmail commands (last was "RSET")
>
> According to RFC 2821, "RSET" is absolutely valid command.
> Please explain me what to do.
>
http://www.exim.org/exim-html-4.63/doc/html/spec_html/index.html#toc0171
smtp_accept_max_nommail
I think that's actually a typo though.. shouldn't that be
"smtp_accept_max_noNmail" instead?
[quote docs]
smtp_accept_max_nonmail Use: main Type: integer Default: 10
Exim counts the number of “non-mail” commands in an SMTP session, and
drops the connection if there are too many. This option defines “too
many”. The check catches some denial-of-service attacks, repeated
failing AUTHs, or a mad client looping sending EHLO, for example. The
check is applied only if the client host matches
smtp_accept_max_nonmail_hosts.
When a new message is expected, one occurrence of RSET is not counted.
This allows a client to send one RSET between messages (this is not
necessary, but some clients do it). Exim also allows one uncounted
occurence of HELO or EHLO, and one occurrence of STARTTLS between
messages. After starting up a TLS session, another EHLO is expected, and
so it too is not counted. The first occurrence of AUTH in a connection,
or immediately following STARTTLS is not counted. Otherwise, all
commands other than MAIL, RCPT, DATA, and QUIT are counted.
[/quote docs]
A normal mail server should never run into this limit. Generally, it's
someone or something being evil.
