[exim] Re: Tackling Bot Blasts

Author: Odhiambo Washington
Date:  
To: Pete Long
CC: exim-users
Subject: [exim] Re: Tackling Bot Blasts
On Mon, May 29, 2023 at 4:23 PM Pete Long via Exim-users <exim-users@???> wrote:

> Hi all,
>
> As I’m sure many of you have witnessed, there appears to be something of a
> concerted effort recently amongst bot-herders to test (completely free of
> charge) our Internet connections and servers by smashing them with hundreds
> of delivery attempts per second. Per second.
>
> I cannot recall ever seeing such sustained and incredibly fast network
> abuse, although I’m probably in the minority.
>
> After trying several ACLs and even inviting IPTables to the party at one
> stage, I still seemed powerless to prevent mainlog filling up with an
> inordinate amount of crap; that is until this morning.
>
> Thanks to Jeremy Harris for recommending (to another poster) use of the
> DROP verb instead of DENY for a certain ACL use case. Sheepishly I changed
> the DENY verb to DROP and hey presto, way less noise in mainlog and far
> less chance of a successful delivery. I’d completely forgotten about DROP,
> for some strange reason only considering DISCARD as an alternative to DENY.
>
>
> acl_check_rcpt:
>
> drop
>    message = No host name found.
>    condition = ${if eq{$host_lookup_failed} {1} {1}{0}}
>


How about if you did the above in acl_check_connect instead of
acl_check_rcpt??

And only the below in acl_check_rcpt ?

> drop message = Too many bad recipients.
>    condition = ${if and {{>{$rcpt_count}{2}}{>{${eval:$rcpt_count-$recipients_count}}{2}}}{yes}{no}}
>


Maybe you'd save some CPU cycles?


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]
