Lena@??? wrote:
> Debugged set of rules (in DATA ACL):
>
> deny message = rejected because recognized as Ukrainian spam
> condition = ${if match{$message_headers_raw}\
> {\N\A([^\n]+\n[ \t])+[^\n]+\nDate\N}}
> condition = ${if eq{$received_protocol}{esmtp}}
> condition = ${if eq{$bheader_X-Priority:}{3 (Normal)}}
> condition = ${if match{$sender_address_local_part}{\N^[a-z]{10,}$\N}}
> condition = ${if match{$bheader_To:}{\N^[^ @,;]+@[\w\.-]+$\N}}
> set acl_m_domain = ${if match{$bheader_To:}{\N@(.+)$\N}{$1}}
> condition = ${if match{$bheader_Message-ID:}\
> {\N^<\d{10}\.\d{14}@\N$sender_address_domain>\$}}
> condition = ${if match{$bheader_In-Reply-To:}\
> {\N^<[A-F\d]{44}@\N$acl_m_domain>\$}}
> condition = ${if match{$bheader_References:}\
> {\N^<[A-F\d]{44}@\N$acl_m_domain> \
> \N<[A-F\d]{30,44}@\N$sender_address_domain>\$}}
> condition = ${if !eq{${if match{$rheader_In-Reply-To:}{<(.+)@}{$1}}}\
> {${if match{$bheader_References:}{\N^<(\w+)@\N}{$1}}}}
>
> The botnet endures 20s delay in RCPT ACL. I don't want to try longer delays
> because of limited memory of the cheap VPS/VDS ($6/month for
> 64M RAM and 128M swap for Exim, webserver, POP3 server and BIND).
>
On austere hardware you may want to run some comparison tests along the lines of
seeing which actually hits the resources hardest:
- the above, intensively complex set of conditionals.
- progressive, cumulative, delays with the simplest test you can get by with.
IOW - if they hang onto the teat for 20 seconds, what happens at 30? 40? 60 -
even 120?
Bill
