In reply to myself.. .the problem wasnt with the noupdate stanza but with the
block that was updating the rate - i only wanted it to do so when the
recipient was invalid... I needed to reorder the block so the condition check
occurred before the ratelimit (as follows)
What these blocks achieve is it counts (ratelimits) all emails sent to invalid
addresses - these emails are then denied at smtp time by the second block.
The third block denies emails from hosts who have exceeded the limit of 4
invalid recipients / hour. This should mean that spambots which attempt to
send large amounts of SPAM to invalid addresses will have attempts to send ti
valid addresses dropped .... I currently see about 10 hosts blocked with
scores ranging from 4.5 to 32. I will post an update in a few weeks to let
you know how successful this is....
Ruairi
warn
!hosts = : +relay_from_hosts
condition =
${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no} {yes} }
ratelimit = 4 / 1h / strict / per_cmd
logwrite = RATE UPDATE: $sender_rate/$sender_rate_period (max
$sender_rate_limit)
deny
log_message = Recipient Verification Failed:
message = local error
domains = domain1.ie : domain2.ie
condition =
${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no} {yes} }
deny
ratelimit = 4 / 1h / strict / per_cmd / noupdate
!hosts = : +relay_from_hosts
message = local error
log_message = X-Host-Recipient-Verification-Count-Failed: Message Denied
due to exceessive failures: $sender_rate/$sender_rate_period (max
$sender_rate_limit)
condition = ${if le{$sender_rate}{$sender_rate_limit} {no} {yes} }
Ruairi
On Wednesday 02 September 2009 11:03:36 Ruairi Hickey wrote:
> Hi,
> I'm trying to use ratelimiting to block connections from hosts who try
> send email to invalid recipients. I was hoping to achieve this as follows:
>
>
> # This block should increment the sources sending rate if the conditions
> are # met, i.e. the destination mailbox doesn't exist
>
> warn ratelimit = 2 / 10m / strict
> !hosts = : +relay_from_hosts
> condition = ${if le{$sender_rate}{$sender_rate_limit}}
> logwrite = RATE UPDATE: $sender_rate/$sender_rate_period (max
> $sender_rate_limit)
> condition =
> ${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no}
> {yes} }
>
>
> # This block will deny any mails to mailboxes which dont exist
>
> deny
> log_message = Recipient Verification Failed:
> message = local error
> # delay = 30s
> domains = msre.ie : msre.com.sg
> condition =
> ${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no}
> {yes} }
>
>
> # if the recipient is valid we should reach here and should deny the email
> if # the sending rate as set above (to invalid addresses) is too high.
> The # actual rate should not be updated (due to the noupdate option !!
>
> deny ratelimit = 2 / 10m / strict / noupdate
> !hosts = : +relay_from_hosts
> log_message = RATE: $sender_rate/$sender_rate_period (max
> $sender_rate_limit)
>
>
> The problem is that the noupdate option does not seem to make any
> difference and the rates as dumped from exim_dump are being updated by the
> final stanza. Is this a bug in the Debian Lenny packaging or (more likely)
> am I doing something incorrect....
>
> Thanks for your assistance,
>
> Ruairi
