Author: W B Hacker Date: To: exim users Subject: Re: [exim] ACL to drop connectio
Jean-Paul natola wrote:
>
>> Jean-Paul natola wrote:
>>> Hi all,
>>>
>>>
>>>
>>> I'm wondering if there is a way to tell exim to drop a connection from a
>>> host that is attempting more than one simultaneous SMTP connection
>>>
>> To drop, for example, the first, already in-process connection when a
>> second or subsequent is attempted?
>>
>> As each is a separate child-process, and many such could be running on
>> unrelated connections at any given moment, I doubt it would be in current
>> code.
>
>
> Maybe I'm wording it incorrectly, I'm getting a lot of spammers trying to what I
> can only guess are dictionary attacks? and I see a bunch of "refused too
> connections" so I do the iplookup and they are indeed spammers.
>
>
>
> So would it be a good idea to do the raw drop on them?

There's no significant gain and no need.

Ex:

conducive# grep -c 'too many connections' /var/log/exim/mainlog
25750

The *initial* connection is subject to an rDNS check, and - with most, not all,
of the above refused connections, is *later* proven to be 'dirty', and denied.

'Later' because an rDNS check - even if cached - takes a small, but finite
period of time, and the swarm of multiple connection attempts will have already
arrived before the result is returned on the first one - let alone all of the rest.

So limiting the connections from any one IP prevents swamping the server
resources - in my case available PostgreSQL 'connections' more than rDNS lookups.

Simple, effective, needs no further gold-plating.

BTW: An Exim 'drop' doesn't gain YOU much over a simple 'deny'. Read up on the
differences.
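
Added example, not part of the original message: a per-source breakdown of the refusals that the grep -c above only totals, useful for confirming that the per-IP limit is absorbing a few noisy hosts. It assumes each refusal line carries the peer address in square brackets; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Tally 'too many connections' refusals per source IP from an Exim mainlog.
# Assumption: the peer address is the first [...] group on each refusal line.

# refused_by_ip FILE -> prints "COUNT IP" lines, busiest source first
refused_by_ip() {
    awk '
        /too many connections/ {
            i = index($0, "[")
            j = index($0, "]")
            # skip lines with no well-formed [address] group
            if (i > 0 && j > i + 1) {
                ip = substr($0, i + 1, j - i - 1)
                count[ip]++
            }
        }
        END { for (ip in count) print count[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation addresses, not real hosts)
sample_log() {
    cat <<'EOF'
2008-01-01 10:00:01 Connection from [192.0.2.10] refused: too many connections from that IP address
2008-01-01 10:00:01 Connection from [192.0.2.10] refused: too many connections from that IP address
2008-01-01 10:00:02 Connection from [198.51.100.7] refused: too many connections from that IP address
2008-01-01 10:00:02 Connection from [192.0.2.10] refused: too many connections from that IP address
2008-01-01 10:00:03 1JABCD-0001aB-2C <= user@example.org H=mail.example.org [203.0.113.5] P=esmtp S=1024
EOF
}

# Usage: sh refused_by_ip.sh /var/log/exim/mainlog
if [ -n "$1" ]; then
    refused_by_ip "$1"
fi
```

A source that dominates this list while its first connection is later denied on rDNS matches the pattern described in the reply: the limit is already containing it.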