Our school has recently been contacted by SpamHaus b/c we are making too /soo many queries.
After thinking about things and looking at the offenders that keep coming back time and time again only to be rejected.. I came up with a simple ratelimit in acl_check_connect: 190 deny 191 ratelimit = 3 / 1m / strict 192 message = Sorry, not fast enough for you. Try again later. [$sender_rate/$sender_rate_period] 193 log_message = RATE: $sender_rate/$sender_rate_period (max $sender_rate_limit) This is what its catching.. grep RATE /var/log/exim/mainlog | cut -f3 -d\[ | cut -f1 -d\] | sort | uniq -c | sort (heres the over 200 offenders..) 201 118.69.170.90 204 123.18.170.173 206 85.105.247.43 208 117.0.155.111 208 88.224.84.103 210 123.18.85.6 217 78.171.137.27 225 123.22.119.231 242 123.19.1.197 248 123.18.243.35 316 118.71.112.87 2009-04-03 01:09:56 [85437] H=[118.71.112.87]:21151 I=[a.b.c.d]:25 rejected connection in "connect" ACL: RATE: 199.1/1m (max 3) 2009-04-03 01:09:56 [1430] H=[118.71.112.87]:21153 I=[a.b.c.d]:25 rejected connection in "connect" ACL: RATE: 199.9/1m (max 3) so, is there a way that I can make a ratelimit acl if your ip is found on a dnsbl? does that make sense? Or is this acl_check_connect good enough? -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
