Re: [exim] ratelimiting help

Author: Ruairi Hickey
Date:  
To: exim-users
Subject: Re: [exim] ratelimiting help
In reply to myself... the problem wasn't with the noupdate stanza but with the
block that was updating the rate - I only wanted it to do so when the
recipient was invalid... I needed to reorder the block so the condition check
occurred before the ratelimit (as follows).

What these blocks achieve is that all emails sent to invalid addresses are
counted (ratelimited) - these emails are then denied at SMTP time by the
second block.

The third block denies emails from hosts who have exceeded the limit of 4
invalid recipients / hour. This should mean that spambots which attempt to
send large amounts of spam to invalid addresses will have attempts to send to
valid addresses dropped... I currently see about 10 hosts blocked with
scores ranging from 4.5 to 32. I will post an update in a few weeks to let
you know how successful this is...

Ruairi

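 # Conditions run in order: the ratelimit line (which updates the rate) is
 # only reached when the lookup has found no entry for the recipient.
 warn
    !hosts    = : +relay_from_hosts
    condition = \
      ${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no} {yes} }
    ratelimit = 4 / 1h / strict / per_cmd
    logwrite  = RATE UPDATE: $sender_rate/$sender_rate_period (max \
      $sender_rate_limit)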


 # Reject recipients that are not in the list of valid addresses.
 deny
    log_message = Recipient Verification Failed:
    message = local error
    domains = domain1.ie : domain2.ie
    condition = \
      ${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no} {yes} }



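  # Valid recipient: deny if the host's invalid-recipient rate is at the limit.
  # ratelimit is itself true only once the computed rate has reached the limit,
  # so no separate rate comparison is needed (le would compare the two values
  # as strings, not as numbers). noupdate leaves the stored rate unchanged.
  deny
      ratelimit = 4 / 1h / strict / per_cmd / noupdate
      !hosts  = : +relay_from_hosts
      message = local error
      log_message = X-Host-Recipient-Verification-Count-Failed: Message Denied \
        due to excessive failures: $sender_rate/$sender_rate_period (max \
        $sender_rate_limit)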




Ruairi

On Wednesday 02 September 2009 11:03:36 Ruairi Hickey wrote:
> Hi,
>     I'm trying to use ratelimiting to block connections from hosts who try
> to send email to invalid recipients.  I was hoping to achieve this as follows:
>
>
> # This block should increment the source's sending rate if the conditions
> # are met, i.e. the destination mailbox doesn't exist
>
> warn ratelimit = 2 / 10m / strict
>     !hosts  = : +relay_from_hosts
>     condition = ${if le{$sender_rate}{$sender_rate_limit}}
>     logwrite  = RATE UPDATE: $sender_rate/$sender_rate_period (max \
>       $sender_rate_limit)
>     condition = \
>       ${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no} {yes} }
>
>
> # This block will deny any mails to mailboxes which don't exist
>
>  deny
>     log_message = Recipient Verification Failed:
>     message = local error
> #    delay = 30s
>     domains = msre.ie : msre.com.sg
>     condition = \
>       ${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no} {yes} }
>
>
> # if the recipient is valid we should reach here and should deny the email
> # if the sending rate as set above (to invalid addresses) is too high.
> # The actual rate should not be updated (due to the noupdate option !!)
>
> deny ratelimit = 2 / 10m / strict / noupdate
>     !hosts         = : +relay_from_hosts
>     log_message = RATE: $sender_rate/$sender_rate_period (max \
>       $sender_rate_limit)
>
>
> The problem is that the noupdate option does not seem to make any
> difference and the rates as dumped from exim_dump are being updated by the
> final stanza. Is this a bug in the Debian Lenny packaging or (more likely)
> am I doing something incorrect....
>
> Thanks for your assistance,
>
> Ruairi
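
An offline model of the three blocks in the reply above, added here as an illustration; it is not code from the post or from Exim. It shows why the recipient check has to run before the updating `ratelimit`, and how a `noupdate` read differs from an update. The smoothing formula, the names `RateDB`, `handle_rcpt` and `replay`, the address list and the traffic are all assumptions constructed for the example.

```python
import math

PERIOD, LIMIT = 3600.0, 4.0   # "4 / 1h" from the ACL
# Constructed stand-in for CONFDIR/validEmailAddresses.dbm
VALID = {"alice@domain1.ie", "bob@domain2.ie"}

class RateDB:
    """Per-host smoothed rate; the formula is an assumed model of Exim's."""
    def __init__(self):
        self.rec = {}  # host -> (time of last counted event, rate)

    def update(self, host, now):
        """strict / per_cmd: every counted RCPT updates the stored rate."""
        rate = 1.0  # first event from a host counts as one per period
        if host in self.rec:
            last, old = self.rec[host]
            i_over_p = max(now - last, 1e-9) / PERIOD
            a = math.exp(-i_over_p)  # smoothing constant
            rate = max((1 - a) / i_over_p + a * old, 1.0)
        self.rec[host] = (now, rate)

    def peek(self, host):
        """noupdate: read the stored rate without touching the record."""
        return self.rec.get(host, (0.0, 0.0))[1]

def handle_rcpt(db, host, rcpt, now, count_all=False):
    """One RCPT through the three blocks; count_all=True counts every RCPT."""
    invalid = rcpt not in VALID
    if invalid or count_all:       # block 1: warn + ratelimit (updates)
        db.update(host, now)
    if invalid:                    # block 2: deny unknown recipient
        return "deny-invalid"
    if db.peek(host) >= LIMIT:     # block 3: deny, rate read with noupdate
        return "deny-rate"
    return "accept"

def replay(events, count_all=False):
    db = RateDB()
    return [handle_rcpt(db, h, r, t, count_all) for t, h, r in events], db

# Constructed traffic: five bad guesses, then a valid address; one clean host.
BOT = [(i, "203.0.113.5", f"guess{i}@domain1.ie") for i in range(5)]
BOT += [(10, "203.0.113.5", "alice@domain1.ie"),
        (11, "198.51.100.7", "bob@domain2.ie")]
CLEAN = [(i, "198.51.100.7", "alice@domain1.ie") for i in range(6)]

if __name__ == "__main__":
    print(replay(BOT)[0])
    print(replay(CLEAN, count_all=True)[0])
```

With `count_all=True` (the ordering in the original question, where `ratelimit` ran before the recipient lookup) the clean host is rate-denied after a handful of valid recipients; with the reordered blocks it is never counted.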