Dean, I think I have it.
warn condition = ${if
match{$interface_address}{(69.50.231.3|69.50.231.5)}}
ratelimit = 1 / 10s / strict
defer condition = ${if
match{$interface_address}{(69.50.231.2|69.50.231.18[0-9])}}
condition = ${if < {$load_average}{40000}{true}{false}}
!condition = ${if exists{/etc/exim/run/config-error.txt}}
!dnslists = hostkarma.junkemailfilter.com=127.0.0.1,127.0.0.3
!ratelimit = 1 / 10s / strict
set acl_m7 = ${run{/etc/exim/sql/ip-report fake
$sender_host_address}}
log_message = Spammer Connected to FAKE highest MX record -
I=$interface_address
The idea here is that connections to the warn ACL count as part of the
total for the second ACL. This if they hit the IP addresses in the first
one then if the come back within 10 seconds to the second ACL they will
be over the limit. Does this look right?
