On Fri, 26 Feb 2010, Andrew Hearn wrote:
| However, is there a way to ratelimit or deny hosts based on how many
| messages they've sent that have been rejected/deferred by the recipients MX?
We do this. Local senders who trip a limit are added to a list such that
everything they send is frozen, until a human can investigate.
I'm not aware this can be achieved purely inside Exim. Our setup is based
on a custom-written log watching script.
The idea came from Richard Clayton's "Stopping Spam by Extrusion
Detection" paper:
http://www.cl.cam.ac.uk/~rnc1/extrusion.pdf
and I'm happy to report it's been very effective at cutting off spam runs
long before any significant damage to repuation occurs.
--
Chris Edwards
IT Security, Computing Service
University of Glasgow, charity number SC004401
