Re: [exim] Iptables/other blocking ylmf-pc clients

Top Pagina
Delete this message
Reply to this message
Auteur: Daryl Richards
Datum:  
Aan: list2@captainnet.net, exim-users
Onderwerp: Re: [exim] Iptables/other blocking ylmf-pc clients
On 2016-08-10 12:47 PM, list2@??? wrote:
> I'm having a hard time achieving that delay. As you can see it comes
> back with the same IP every 10 seconds. Delay is not imposed on
> condition as it is dropped already.
>
> 2016-08-10 09:13:01 H=(ylmf-pc) [201.217.51.46] I=[216.240.133.65]:25
> rejected EHLO or HELO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
> 2016-08-10 09:13:12 H=(ylmf-pc) [201.217.51.46] I=[216.240.133.65]:25
> rejected EHLO or HELO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
> 2016-08-10 09:13:23 H=(ylmf-pc) [201.217.51.46] I=[216.240.133.65]:25
> rejected EHLO or HELO ylmf-pc: HELO/EHLO - HELO on heloblocks Blocklist
>
> Don't you have to record the current time stamp, in order to calculate
> elapsed time for subsequent delays.
> Accept the greeting, but if we previously generated a message in say
> $acl_c1, stall the sender until 180 seconds has elapsed.


Did you test it by connecting to port 25 and saying 'helo ylmf-pc' and
see the delay before it drops the connection? The problem is, even
though *that* connection is stalled it doesn't stop them from making
another connection in the meantime. This kind of delay is actually a
good way to DOS yourself as all your incoming slots are tied up waiting
on the 180 second delay!