drop message = blacklisted for bruteforce cracking attempt
set acl_c_authnomail = ${eval10:0$acl_c_authnomail+1}
condition = ${if >{$acl_c_authnomail}{4}}
After we restart exim, those messages stop.
We are not 100% sure, that we stop it due to restarting, or that the
customer does something similar to his exchange server, and just does
not tell us.
And here comes the million $ question: has anyone seens this behavior
with "Exim version 4.90_1 #2" and other exchange servers before, and
knows who is to blame for it.
A short timeline :
16th of May : tons of those messages
6th of June : tons of those messages
Days between : not one error with the same exchange server and they send
hundreds of mails each day.
of course, we have the same message for other hosts, but those are
spammers trying to hack an account, but that's 1 line a day at best ;)
If you can spread some light on the topic, let me know.
