Am Thursday, 14. August 2014, 10.03:03 schrieben Sie: > SMTP error code 421 = "Abort connection."
Nope, during the RCPT TO: phase this is a temporary error of just this recipient. The other (even future recipients) could be valid, so the milter is getting the remaining recipients until the 'max recipients' limit of the mailer is reached. But the mailer then also only rejects the additional recipients with a 'too many recipients' tempfail. Well postfix somewhen disconnect with 'too many errors' but that limit is even higher. The problem with those abusers is that they try to send emails to thausends of recipients causing some load on the database that I would like to avoid. What I would like to do is disconnect the client connection during filter_recipient. I fear this is not possible. Of course, if $SendmailMacros{auth_authen} points to a phished account that got 'blocked' in the past, I can reject the connection during filter_sender. But still this leaves the problems of the recently blocked account. I see bots opening one connection and then keeping that connection open while trying to spam. As they got detected during the filter_recipient phase, they cannot send emails as I reject every recipient. No matter if I use TEMPFAIL or REJECT they keep trying to send undil they disconnect. Next connection they are blocked earlier, in filter_sender. Not all connections get permanently blocked (triggered by simultaneous logins from many different IP's or different geoIPlocations). If only one IP is involved I only rate limit the recipients and put up a nagios warning so a human can determine if this is a bot sending spam or a customer who got the spledid idea to use our infrastructure as smarthost for his mailing tool. But still in such a case I would like to disconnect our customer instead of processing every recipient his tool is trying to send emails to. Benoit Panizzon -- I m p r o W a r e A G - ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 07 CH-4133 Pratteln Fax +41 61 826 93 02 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang