Hello,
I have acl_smtp_connect defined that drops when too many auth attempts from this IP failed (thanks, Original Poster).
However, after some tweaking and Exim restarts, the message the SMTP client gets has changed from "Too many failed authentication attempts" to "550 Administrative prohibition", and it doesn't seem to change.
I have stopped Exim, deleted ratelimit* from /var/spool/exim/db and started Exim. This method has always worked well with deleting the callout cache, for instance.
Yet the message doesn't go away; it's still "550 Administrative prohibition" for _any ip address_.

exim -bh 87.204.147.168 -d -v:
using ACL "domeny_acl_smtp_connect"
processing "drop"
check ratelimit = 5 / 4h / strict / badauth:$sender_host_address
= 5 / 4h / strict / badauth:87.204.147.168
ratelimit condition limit=5 period=14400 key=4h/per_mail/strict/badauth:87.204.147.168
locking /var/spool/exim/db/ratelimit.lockfile
locked /var/spool/exim/db/ratelimit.lockfile
EXIM_DBOPEN(/var/spool/exim/db/ratelimit)
returned from EXIM_DBOPEN
opened hints database /var/spool/exim/db/ratelimit: flags=O_RDWR
dbfn_read: key=4h/per_mail/strict/badauth:87.204.147.168
ratelimit initializing new key's data
dbfn_write: key=4h/per_mail/strict/badauth:87.204.147.168
ratelimit db updated
ratelimit computed rate 0.0
drop: condition test failed
end of ACL "domeny_acl_smtp_connect": implicit DENY
SMTP>> 550 Administrative prohibition
550 Administrative prohibition
LOG: MAIN REJECT
H=[87.204.147.168] rejected connection in "connect" ACL
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=25321 terminating with rc=0 >>>>>>>>>>>>>>>>

If I comment out acl_smtp_connect, it obviously works again.
But I need ratelimit DB to work correctly with this acl. How can I fix that?

acl_smtp_connect = domeny_acl_smtp_connect
acl_smtp_quit = domeny_acl_smtp_quit
acl_smtp_notquit = domeny_acl_smtp_notquit

domeny_acl_smtp_connect:
  drop
    log_message = RATELIMIT BAD AUTH: $sender_rate / $sender_rate_period
    message = Too many failed authentication attempts / Zbyt wiele nieudanych prob uwierzytelnienia
    ratelimit = 5 / 4h / noupdate / badauth:$sender_host_address
    delay = 5s

domeny_acl_smtp_quit:
  accept
    condition=${if eq{$authentication_failed}{1}}
    ratelimit = 5 / 4h / badauth:$sender_host_address
    log_message = -------------BAD-AUTH: $sender_host_address

domeny_acl_smtp_notquit:
  accept
    condition=${if eq{$authentication_failed}{1}}
    ratelimit = 5 / 4h / badauth:$sender_host_address
    log_message = --------------BAD-AUTH: $sender_host_address

--
Marcin Krol
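
Added example, not part of the original post and not Exim tooling: in the trace above the drop statement's ratelimit condition fails, no statement follows it, and the ACL ends in "implicit DENY", which Exim reports as "550 Administrative prohibition". The Python check below flags ACLs that have no unconditional accept/deny/drop/defer/discard and can therefore run off the end. The function names and the "fixed_connect" ACL are hypothetical, the modifier list is a subset, and the parser assumes one condition or modifier per line with no continuation lines.

```python
import re

TERMINAL = {"accept", "deny", "drop", "defer", "discard"}  # verbs that can end an ACL
VERBS = TERMINAL | {"require", "warn"}
# Modifiers do not make a statement conditional (subset of Exim's list).
MODIFIERS = {"message", "log_message", "delay", "logwrite", "control", "set",
             "add_header", "remove_header", "continue", "endpass"}

def parse_acls(text):
    """Map each ACL name to its statements as (verb, [condition names])."""
    acls, stmts = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        label = re.fullmatch(r"(\w+):", line)
        if label:  # "name:" starts a new ACL
            stmts = acls.setdefault(label.group(1), [])
            continue
        if stmts is None:
            continue
        parts = line.split(None, 1)
        if parts[0] in VERBS:  # a verb starts a new statement
            stmts.append((parts[0], []))
            line = parts[1] if len(parts) > 1 else ""
        word = re.match(r"!?\s*([a-z_]+)", line)
        if stmts and word and word.group(1) not in MODIFIERS:
            stmts[-1][1].append(word.group(1))  # anything else is a condition
    return acls

def implicit_deny_acls(text):
    """Names of ACLs with no unconditional terminal statement."""
    return sorted(name for name, stmts in parse_acls(text).items()
                  if not any(v in TERMINAL and not c for v, c in stmts))

# First ACL is the one from the post; "fixed_connect" is a constructed variant.
SAMPLE = """
domeny_acl_smtp_connect:
  drop
    log_message = RATELIMIT BAD AUTH: $sender_rate / $sender_rate_period
    message = Too many failed authentication attempts
    ratelimit = 5 / 4h / noupdate / badauth:$sender_host_address
    delay = 5s
fixed_connect:
  drop
    ratelimit = 5 / 4h / noupdate / badauth:$sender_host_address
  accept
"""
print(implicit_deny_acls(SAMPLE))
```

Only the ACL from the post is reported; the variant is not, because its final bare accept lets hosts under the limit through.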