[exim] ratelimit on dnsbl offenders?

Top Pagina
Delete this message
Reply to this message
Auteur: B. Cook
Datum:  
Aan: exim-users
Onderwerp: [exim] ratelimit on dnsbl offenders?
Our school has recently been contacted by SpamHaus b/c we are making too
/soo many queries.

After thinking about things and looking at the offenders that keep
coming back time and time again only to be rejected..

I came up with a simple ratelimit in acl_check_connect:

190 deny
191  ratelimit      = 3 / 1m / strict
192  message        = Sorry, not fast enough for you. Try again later. 
[$sender_rate/$sender_rate_period]
193  log_message    = RATE: $sender_rate/$sender_rate_period (max 
$sender_rate_limit)



This is what its catching..
grep RATE /var/log/exim/mainlog | cut -f3 -d\[ | cut -f1 -d\] | sort |
uniq -c | sort

(heres the over 200 offenders..)

201 118.69.170.90
204 123.18.170.173
206 85.105.247.43
208 117.0.155.111
208 88.224.84.103
210 123.18.85.6
217 78.171.137.27
225 123.22.119.231
242 123.19.1.197
248 123.18.243.35
316 118.71.112.87

2009-04-03 01:09:56 [85437] H=[118.71.112.87]:21151 I=[a.b.c.d]:25
rejected connection in "connect" ACL: RATE: 199.1/1m (max 3)

2009-04-03 01:09:56 [1430] H=[118.71.112.87]:21153 I=[a.b.c.d]:25
rejected connection in "connect" ACL: RATE: 199.9/1m (max 3)

so, is there a way that I can make a ratelimit acl if your ip is found
on a dnsbl?

does that make sense?

Or is this acl_check_connect good enough?