Hi all,

As I’m sure many of you have witnessed, there appears to be something of a 
concerted effort recently amongst bot-herders to test (completely free of 
charge) our Internet connections and servers by smashing them with hundreds of 
delivery attempts per second. Per second.

I cannot recall ever seeing such sustained and incredibly fast network abuse, 
although I’m probably in the minority.

After trying several ACLs and even inviting IPTables to the party at one stage, 
I still seemed powerless to prevent mainlog filling up with an inordinate 
amount of crap; that is until this morning.

Thanks to Jeremy Harris for recommending (to another poster) use of the DROP 
verb instead of DENY for a certain ACL use case. Sheepishly I changed the DENY 
verb to DROP and hey presto, way less noise in mainlog and far less chance of a 
successful delivery. I’d completely forgotten about DROP, for some strange 
reason only considering DISCARD as an alternative to DENY.


acl_check_rcpt:

drop
   message = No host name found.
   condition = ${if eq{$host_lookup_failed} {1} {1}{0}}


drop
   message = Too many bad recipients.
   condition = ${if and {{>{$rcpt_count}{2}}{>{${eval:$rcpt_count-$recipients_count}}{2}}}{yes}{no}}


I believe the latter ACL was originally shown on this mailing list but 
together, these puppies work wonders for my requirements.

For now :)

Thanks again.


Pete.
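
Added example, not part of the message above and not Exim code: a small Python model of the "Too many bad recipients" condition, showing at which RCPT command the drop fires. It relies on Exim's documented counters ($rcpt_count includes the current RCPT command, $recipients_count counts recipients accepted so far); the function names and the sample sessions are constructed for illustration, and it assumes the drop statement is evaluated before whatever later statement accepts or rejects each recipient.

```python
from typing import List, Optional, Tuple


def drop_condition(rcpt_count: int, recipients_count: int) -> bool:
    """The ACL condition term for term:
    and {{>{$rcpt_count}{2}}{>{$rcpt_count-$recipients_count}{2}}}"""
    return rcpt_count > 2 and (rcpt_count - recipients_count) > 2


def simulate(would_accept: List[bool]) -> Tuple[Optional[int], List[Tuple[int, int, str]]]:
    """Replay one SMTP transaction.

    would_accept[i] says whether later ACL statements (assumed) would accept
    the i-th RCPT. Returns the 1-based RCPT command at which the connection is
    dropped (None if never) and a trace of (rcpt_count, recipients_count,
    verdict) with the counter values the condition sees at each command.
    """
    recipients_count = 0  # accepted so far; excludes the current command
    trace = []
    for rcpt_count, ok in enumerate(would_accept, start=1):
        if drop_condition(rcpt_count, recipients_count):
            trace.append((rcpt_count, recipients_count, "drop"))
            return rcpt_count, trace  # drop: 5xx reply, then connection closed
        trace.append((rcpt_count, recipients_count, "accept" if ok else "reject"))
        if ok:
            recipients_count += 1
    return None, trace


if __name__ == "__main__":
    # Constructed sessions: True = valid recipient, False = unknown recipient.
    sessions = {
        "all valid": [True] * 6,
        "two bad only": [False, False],
        "two bad, then a valid one": [False, False, True],
        "valid and bad interleaved": [True, False, True, False, True],
    }
    for name, session in sessions.items():
        dropped_at, trace = simulate(session)
        print(f"{name}: dropped at RCPT {dropped_at}")
        for row in trace:
            print("   rcpt_count=%d recipients_count=%d -> %s" % row)
```

Because the current command is counted in $rcpt_count but not yet in $recipients_count, the difference is always one more than the number of rejections so far, so the drop lands on the first RCPT after two rejections, whether or not that recipient is valid.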


