I would like to keep track of how many times connections from each IP
are rejected over a period of time (maybe 24 hours?), and when a limit
is reached, reject them much earlier in the ACLs - at connection time -
to reduce resources used by Exim, and maybe discourage them from
connecting for a while.
The way it should work is:
1. On the connect acl, check if the failed connection counter has been
reached, and block if yes, but don't increase the counter otherwise.
2. In various subsequent ACLs, increase the counter every time a
connection is rejected.
Does the ACL below look syntactically correct? Am I correct in thinking
that the "ratelimit =" in the second ACL is not reached and doesn't
increment the counter, unless the conditions above it are true?
acl_check_connect:
  # check if we've reached the limit and block - but
  # don't add to the counter here otherwise
  drop message   = Too many failed retries
       ratelimit = 20 / 24h / per_conn / readonly

acl_check_helo:
  # increase rejected connection counter if we fail here
  drop message   = Invalid HELO/EHLO
       condition = ${if eq{$received_port}{25}}
       condition = ${if match{$sender_helo_name}{.+\\\..+\\\..+} \
                   {no}{yes}}
       ratelimit = 20 / 24h / per_conn
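For comparison, here is one way to get the behaviour described above (a read-only check at connect time, and a per-IP counter that only grows when a connection is actually rejected). This is an added example, not the poster's configuration. It assumes an Exim version with the readonly, strict and per_cmd ratelimit options (4.70 or later); the limit of 20, the 24h period and the log_message texts are placeholder values, and the HELO regex reproduces the poster's "at least two dots" check in \N...\N form.

```exim
# Added example (not the poster's configuration): count rejections per client
# IP across several ACLs and refuse at connect time once the count is too high.
# Assumed: Exim 4.70+ (readonly, strict, per_cmd); 20 / 24h are placeholders.
#
# The period, the per_* option and the key form the lookup key in the ratelimit
# database, so every statement below uses the same three. The update mode
# (strict/readonly) and the limit do not change which entry is read, so the
# read-only check at connect time sees what the strict updates wrote.

acl_check_connect:
  # Look up the stored rejection rate for this IP without updating it.
  # The condition is true only when the stored rate exceeds the limit.
  drop message     = Too many rejected connections from $sender_host_address
       ratelimit   = 20 / 24h / per_cmd / readonly / $sender_host_address
       log_message = early reject: $sender_rate/$sender_rate_period \
                     (max $sender_rate_limit)

  accept

acl_check_helo:
  # Record one event before each rejection. "strict" updates the stored rate
  # even when the limit is already exceeded; "per_cmd" counts one event every
  # time the condition is evaluated, whichever ACL it runs in. The conditions
  # are evaluated in order, so the ratelimit line is only reached (and the
  # counter only updated) when the two conditions above it are true.
  warn condition   = ${if eq{$received_port}{25}}
       condition   = ${if match{$sender_helo_name}{\N^.+\..+\..+\N}{no}{yes}}
       ratelimit   = 20 / 24h / per_cmd / strict / $sender_host_address
       log_message = HELO reject counted: $sender_rate/$sender_rate_period

  # The drop is a separate statement without a ratelimit condition, so the
  # rejection happens on the first bad HELO, not only once the limit is hit.
  drop message     = Invalid HELO/EHLO
       condition   = ${if eq{$received_port}{25}}
       condition   = ${if match{$sender_helo_name}{\N^.+\..+\..+\N}{no}{yes}}

  accept
```

The warn/drop split is the point of the example: a ratelimit condition attached to the drop statement itself is only true once the rate exceeds the limit, so the drop would not fire for the first rejections and the HELO would be accepted. The same warn statement can be repeated in front of the drops in the other ACLs (MAIL, RCPT, DATA) to count those rejections into the same database entry, as long as the period, per_cmd option and key stay identical.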