Hi
> On Thu, May 14, 2009 at 5:15 AM, David Saez Padros <david@???> wrote:
>> we do really very few callouts, zoombies get detected before
>> reaching the callout check so we almost do not do callouts for
>> mail comming from non real servers, and for real servers without
>
> Care to elaborate on how you do the zombie detection? I assume, like
> everything nowadays, it's not one simple rule, but a combination of
> several things all at once?
This works quite well:
acl_smtp_notquit:
# avoid blacklist whitelisted hosts
accept condition = ${if eq {$acl_c2}{4}}
warn condition = ${if eq {$smtp_notquit_reason}{connection-lost}}
condition = ${if >= {$rcpt_fail_count}{1}}
logwrite = :panic: OLS_BLACKLIST $sender_host_address
warn condition = ${if eq {$smtp_notquit_reason}{connection-lost}}
condition = ${if >= {$rcpt_defer_count}{1}}
logwrite = :panic: OLS_BLACKLIST $sender_host_address
warn condition = ${if eq
{$smtp_notquit_reason}{synchronization-error}}
logwrite = :panic: OLS_BLACKLIST $sender_host_address
you need to read paniclog, extract lines with OLS_BLACKLIST and
blacklist the found ip addresses
helo.acl at
http://www.ols.es/exim/acl/ works quite well
at detecting zoombies and dialup.acl works well at detecting
dialup zones, you could either block them all or block spf
neutral/softfail from dialup hosts and/or gmail domain ,also
checking common patterns (random/uppercase sender/recipient,
etc ...)
--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. telf +34 902 50 29 75
----------------------------------------------------------------
