[exim] ACL to early reject connections from hosts which keep…

Top Pagina
Delete this message
Reply to this message
Auteur: Sebastian Arcus
Datum:  
Aan: Exim Users
Onderwerp: [exim] ACL to early reject connections from hosts which keep on retrying after a permanent reject
Hello and thank you in advance for any help. I've built an ACL to early
reject connections from really naughty and persistent hosts, which keep
on coming back even after they have been given a permanent error. It
looks like so:

acl_check_connect:

drop  message   = Temporary ban - too many retries
       ratelimit = 5 / 24h / per_conn / readonly



acl_check_helo:

deny  message    = "Bad HELO (impersonates our host)"
       condition  = ${if match{$sender_helo_name}{$primary_hostname}}
       !ratelimit = 5 / 24h / per_conn / leaky


acl_check_rcpt:

deny  message    = Relay is not permitted
       !domains   = +local_domains : +relay_to_domains
       !ratelimit = 5 / 24h / per_conn / leaky



I have a few other similar ACL's, which add to the counter when the
conditions above, in the ACL, are true.

Does the above look right? I've had it in place on one server for about
a week, but I can't see in the logs ever kicking in - so now I'm not
sure if the syntax is wrong, or maybe I haven't had any persistent
offenders during this time.