Re: [exim] Data ACL - Received: from header

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Data ACL - Received: from header
Lena@??? wrote:
> Debugged set of rules (in DATA ACL):
>
>   deny  message = rejected because recognized as Ukrainian spam
>         condition = ${if match{$message_headers_raw}\
>                               {\N\A([^\n]+\n[ \t])+[^\n]+\nDate\N}}
>         condition = ${if eq{$received_protocol}{esmtp}}
>         condition = ${if eq{$bheader_X-Priority:}{3 (Normal)}}
>         condition = ${if match{$sender_address_local_part}{\N^[a-z]{10,}$\N}}
>         condition = ${if match{$bheader_To:}{\N^[^ @,;]+@[\w\.-]+$\N}}
>         set acl_m_domain = ${if match{$bheader_To:}{\N@(.+)$\N}{$1}}
>         condition = ${if match{$bheader_Message-ID:}\
>                               {\N^<\d{10}\.\d{14}@\N$sender_address_domain>\$}}
>         condition = ${if match{$bheader_In-Reply-To:}\
>                               {\N^<[A-F\d]{44}@\N$acl_m_domain>\$}}
>         condition = ${if match{$bheader_References:}\
>                               {\N^<[A-F\d]{44}@\N$acl_m_domain> \
>                               \N<[A-F\d]{30,44}@\N$sender_address_domain>\$}}
>         condition = ${if !eq{${if match{$rheader_In-Reply-To:}{<(.+)@}{$1}}}\
>                          {${if match{$bheader_References:}{\N^<(\w+)@\N}{$1}}}}
>
> The botnet endures 20s delay in RCPT ACL. I don't want to try longer delays
> because of limited memory of the cheap VPS/VDS ($6/month for
> 64M RAM and 128M swap for Exim, webserver, POP3 server and BIND).
>


On austere hardware you may want to run some comparison tests along the lines of
seeing which actually hits the resources hardest:

- the above, intensively complex set of conditionals.

- progressive, cumulative, delays with the simplest test you can get by with.

IOW - if they hang onto the teat for 20 seconds, what happens at 30? 40? 60 -
even 120?


Bill
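
The quoted DATA ACL conditions, mirrored as an added Python example (not part of either poster's message) so the rule set can be dry-run against sample headers before it is deployed. The function name, the header dictionary and the sample message are constructed for illustration; only the regular expressions come from the quoted rules.

```python
import re

A = re.ASCII  # ASCII-only \d and \w
HEX_A, HEX_B, HEX_C = "A1B2" * 11, "C3D4" * 11, "E5F6" * 8  # constructed ids

def first_failed(raw, h, protocol, sender):
    """Name of the first ACL condition that fails, or None if all match.
    h holds unfolded, stripped header values; sender is the envelope sender."""
    local, _, sdom = sender.rpartition("@")
    to = h.get("To", "")
    irt, refs = h.get("In-Reply-To", ""), h.get("References", "")
    m = re.search(r"@(.+)$", to)
    tdom = m.group(1) if m else ""                  # acl_m_domain in the ACL
    irt_id = re.search(r"<(.+)@", irt)
    ref_id = re.search(r"^<(\w+)@", refs, A)
    # Domains are spliced into the patterns unescaped, as in the ACL.
    checks = [
        ("folded first header directly followed by Date",
         re.search(r"\A([^\n]+\n[ \t])+[^\n]+\nDate", raw)),
        ("protocol esmtp", protocol == "esmtp"),
        ("X-Priority", h.get("X-Priority") == "3 (Normal)"),
        ("sender local part", re.search(r"^[a-z]{10,}$", local)),
        ("bare To address", re.search(r"^[^ @,;]+@[\w\.-]+$", to, A)),
        ("Message-ID shape", re.search(
            r"^<\d{10}\.\d{14}@" + sdom + r">$", h.get("Message-ID", ""), A)),
        ("In-Reply-To shape",
         re.search(r"^<[A-F\d]{44}@" + tdom + r">$", irt, A)),
        ("References shape", re.search(
            r"^<[A-F\d]{44}@" + tdom + r"> <[A-F\d]{30,44}@" + sdom + r">$", refs, A)),
        ("In-Reply-To id differs from first References id",
         (irt_id.group(1) if irt_id else "") != (ref_id.group(1) if ref_id else "")),
    ]
    return next((name for name, ok in checks if not ok), None)

# Constructed sample in the shape the rules describe (not a captured message).
SENDER = "qwertyuiopas@sender.example"
RAW = ("Received: from host.example ([192.0.2.1])\n\tby mx.example.net with esmtp\n"
       "\tid 1AbCdE-000001-00\nDate: Fri, 01 Jan 2010 12:00:00 +0000\n")
HDRS = {
    "X-Priority": "3 (Normal)",
    "To": "user@rcpt.example",
    "Message-ID": "<1234567890.20100101120000@sender.example>",
    "In-Reply-To": "<" + HEX_A + "@rcpt.example>",
    "References": "<" + HEX_B + "@rcpt.example> <" + HEX_C + "@sender.example>",
}
```

Feeding known-good replies through the same function shows which condition spares them, which is a cheap false-positive check to run before comparing the rule set against a delay-only approach.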