[Mimedefang] Telling Mailer to disconnect

Benoit Panizzon benoit.panizzon at imp.ch
Thu Aug 14 04:30:39 EDT 2014 

Am Thursday, 14. August 2014, 10.03:03 schrieben Sie:
> SMTP error code 421 = "Abort connection."

Nope, during the RCPT TO: phase this is a temporary error of just this 
recipient. The other (even future recipients) could be valid, so the milter is 
getting the remaining recipients until the 'max recipients' limit of the 
mailer is reached. But the mailer then also only rejects the additional 
recipients with a 'too many recipients' tempfail.
Well postfix somewhen disconnect with 'too many errors' but that limit is even 
higher.

The problem with those abusers is that they try to send emails to thausends of 
recipients causing some load on the database that I would like to avoid.

What I would like to do is disconnect the client connection during 
filter_recipient. I fear this is not possible.

Of course, if $SendmailMacros{auth_authen} points to a phished account that 
got 'blocked' in the past, I can reject the connection during filter_sender.

But still this leaves the problems of the recently blocked account. I see bots 
opening one connection and then keeping that connection open while trying to 
spam. As they got detected during the filter_recipient phase, they cannot send 
emails as I reject every recipient. No matter if I use TEMPFAIL or REJECT they 
keep trying to send undil they disconnect. Next connection they are blocked 
earlier, in filter_sender.
Not all connections get permanently blocked (triggered by simultaneous logins 
from many different IP's or different geoIPlocations). If only one IP is 
involved I only rate limit the recipients and put up a nagios warning so a 
human can determine if this is a bot sending spam or a customer who got the 
spledid idea to use our infrastructure as smarthost for his mailing tool. But 
still in such a case I would like to disconnect our customer instead of 
processing every recipient his tool is trying to send emails to.

Benoit Panizzon
-- 
I m p r o W a r e   A G    -    
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 07
CH-4133 Pratteln                Fax  +41 61 826 93 02
Schweiz                         Web  http://www.imp.ch
______________________________________________________

More information about the MIMEDefang mailing list