For those who use my config code to block brute force auth cracking:
Some cracker bots use concurrent connections
(up to smtp_accept_max_per_host, default 20 connections),
that could cause a batch of multiple email notifications about
the same IP-address blocked. I tried to prevent redunant notifications,
but iplsearch lookup result was cached, so the prevention didn't work.
I rewrote prevention condition using a named list containing $
which disables caching results of the lookup using such named list:
hostlist blocked_ips = $spool_directory/blocked_IPs
...
condition = ${if exists{$spool_directory/blocked_IPs}\
{${if match_ip{$sender_host_address}{+blocked_ips}\
{0}{1}}}\
{1}}
At last a cracker bot tested my code. :)
I updated the wiki:
https://github.com/Exim/exim/wiki/BlockCracking
