the sew wrote:
> Hi,
>
> I've got exim server as a front end to our qmail servers where all the
> users is managed,
>
> I'm using greylistd and works quite well, also have greylistd in the
> data acl for null senders.
> One of the domains is being dictionary attacked by some sort of
> zombies pc's and it eventually gets past the greylisting to the
> internal mailserver, the internal server is sending alot of unknown
> senders messages to the postmaster
>
> Is there anyway I can stop this from exim, I've seen some nice ways to
> limit dictionary attacks if more than 2 failure rcpts in the smtp
> session ( http://www.configserver.com/free/eximdeny.html ) . Is there
> possible methods to verify rcpts against the internal server via ldap
> or something like
> Q0729 in http://www.exim.org/exim-html-4.40/doc/html/FAQ_7.html#TOC259
>
> Any advice would be apreciated
>
> Thanks
>
> Sew
>
>
Here's a piece of code I use
# --- Deny if too many failed recipients
drop message = REJECTED - Too many failed recipients - count =
$rcpt_fail_count
domains = +all_mail_handled_locally
condition = ${if > {${eval:$rcpt_fail_count}}{2}{yes}{no}}
!verify = recipient/callout=2m,defer_ok,use_sender