Author: Wouter Verhelst
Date:
To: exim-users
Subject: [exim] Running some code rather than having exim log stuff

Hi,

My exim4 mainlog contains things like the following a rather high number
of times:

2007-03-21 07:47:55 H=c-71-232-114-108.hsd1.ma.comcast.net (localhost) [71.232.114.108] F=<talktrain.com@....com> rejected RCPT <gb30472@???>: response to "RCPT TO:<gb30472@???>" from 81.165.67.129 [81.165.67.129] was: 550 unknown user
2007-03-21 07:47:55 unexpected disconnection while reading SMTP command from c-71-232-114-108.hsd1.ma.comcast.net (localhost) [71.232.114.108]

Sure enough, this is a spammer (the "gb30472" local part has never
existed at my domain; it's part of a mutt message-ID that is listed on
lists.debian.org). When this happens (a host disconnecting without
properly saying goodbye after giving an invalid local part), I'd like to
add them to a database so that I can use that as a data point in further
connection attempts; if they do a sufficient amount of "bad things",
I'll assume they're spammers and will block them.

The main problem is that AFAICS in the documentation, the only thing
exim can do when an unexpected disconnection occurs is log the event.
I'd like to be able to run some ACL code at that point, so that I can
possibly call a bit of shell stuff, but I don't think that's possible.
Am I missing something? If not, please consider this a wishlist item :)
--
<Lo-lan-do> Home is where you have to wash the dishes.
-- #debian-devel, Freenode, 2004-09-22
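
Added example, not part of the original post and not Exim code: a log-side way to collect the data point described above, by pairing each "rejected RCPT" line with an "unexpected disconnection" line from the same client IP and counting the pairs per host. It assumes the default mainlog timestamp format; the 60-second pairing window, the threshold of 2 and all sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the shape of the two mainlog entries quoted in the post
# (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
2007-03-21 07:47:55 H=h1.example.net (localhost) [192.0.2.10] F=<a@example.com> rejected RCPT <nouser@example.org>: response to "RCPT TO:<nouser@example.org>" from 198.51.100.5 [198.51.100.5] was: 550 unknown user
2007-03-21 07:47:55 unexpected disconnection while reading SMTP command from h1.example.net (localhost) [192.0.2.10]
2007-03-21 08:01:02 H=h2.example.net (mail) [192.0.2.20] F=<b@example.com> rejected RCPT <typo@example.org>: response to "RCPT TO:<typo@example.org>" from 198.51.100.5 [198.51.100.5] was: 550 unknown user
2007-03-21 08:05:00 unexpected disconnection while reading SMTP command from h3.example.net (localhost) [192.0.2.30]
2007-03-21 09:10:11 H=h1.example.net (localhost) [192.0.2.10] F=<c@example.com> rejected RCPT <other@example.org>: response to "RCPT TO:<other@example.org>" from 198.51.100.5 [198.51.100.5] was: 550 unknown user
2007-03-21 09:10:12 unexpected disconnection while reading SMTP command from h1.example.net (localhost) [192.0.2.10]
"""

# The first bracketed address after H= is the connecting client.
REJECT = re.compile(r"^(\S+ \S+) H=.*?\[([0-9A-Fa-f.:]+)\].* rejected RCPT <")
DISCONNECT = re.compile(
    r"^(\S+ \S+) unexpected disconnection while reading SMTP command "
    r"from .*\[([0-9A-Fa-f.:]+)\]$")
WINDOW = timedelta(seconds=60)  # assumed: max gap between reject and disconnect
THRESHOLD = 2                   # assumed: events before a host is listed

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def score_hosts(lines):
    """Count, per client IP, rejected RCPTs followed by an abrupt disconnect."""
    last_reject = {}   # client IP -> time of its most recent rejected RCPT
    scores = Counter()
    for line in lines:
        line = line.rstrip("\n")
        m = REJECT.match(line)
        if m:
            last_reject[m.group(2)] = parse_ts(m.group(1))
            continue
        m = DISCONNECT.match(line)
        if m:
            seen = last_reject.pop(m.group(2), None)
            # A disconnect with no recent reject is not counted.
            if seen is not None and parse_ts(m.group(1)) - seen <= WINDOW:
                scores[m.group(2)] += 1
    return scores

def hosts_to_block(lines, threshold=THRESHOLD):
    return sorted(ip for ip, n in score_hosts(lines).items() if n >= threshold)

if __name__ == "__main__":
    print(hosts_to_block(SAMPLE_LOG.splitlines()))
```

In the sample, the host that was rejected but never dropped the connection and the host that dropped without a rejection both score zero, so a single mistyped address does not get a sender listed.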