Re: Connection rate limiting is ignoring check_recipient_access?

From: Ralf Hildebrandt (Ralf.Hildebrandtcharite.de)
Date: Sun Jul 02 2006 - 03:11:39 CDT


* Geoff <postfixc4b.co.uk>:

> The intention is to limit connections from spammers to not more than 1
> per 5 minutes. Rate limiting works just fine with the exception of
> when the first connections are REJECTed by check_recipient_access. If
> you look at the extract from the maillog shown below you can see that
> the first 6 connections from this spammer were rejected by
> check_recipient_access but were ignored for connection rate counting
> purposes

They occurred in the same connection. Note that all entries have the
smtpd PID of 18206:

> Jun 28 22:03:23 shoebox postfix/smtpd[18206]: connect from unknown[202.101.73.90]
One connection
> Jun 28 22:03:24 shoebox postfix/smtpd[18206]: NOQUEUE: reject: RCPT from unknown[202.101.73.90]: 550 <webmastermydomain.net>: Recipient address rejected: Domain not known; from=<Mallory.Nelsonearthlink.net> to=<webmastermydomain.net> proto=ESMTP helo=<Y0001.qoi3ilii.org>
> Jun 28 22:03:28 shoebox postfix/smtpd[18206]: NOQUEUE: reject: RCPT from unknown[202.101.73.90]: 550 <uucpmydomain.net>: Recipient address rejected: Domain not known; from=<Tessa.Gambleearthlink.net> to=<uucpmydomain.net> proto=ESMTP helo=<Y0001.qoi3ilii.org>
> Jun 28 22:03:28 shoebox postfix/smtpd[18206]: NOQUEUE: reject: RCPT from unknown[202.101.73.90]: 550 <testmydomain.net>: Recipient address rejected: Domain not known; from=<Tessa.Gambleearthlink.net> to=<testmydomain.net> proto=ESMTP helo=<Y0001.qoi3ilii.org>
> Jun 28 22:03:29 shoebox postfix/smtpd[18206]: NOQUEUE: reject: RCPT from unknown[202.101.73.90]: 550 <supportmydomain.net>: Recipient address rejected: Domain not known; from=<Tracey.Blountearthlink.net> to=<supportmydomain.net> proto=ESMTP helo=<Y0001.qoi3ilii.org>
> Jun 28 22:03:30 shoebox postfix/smtpd[18206]: NOQUEUE: reject: RCPT from unknown[202.101.73.90]: 550 <servicemydomain.net>: Recipient address rejected: Domain not known; from=<Daphne.Starksearthlink.net> to=<servicemydomain.net> proto=ESMTP helo=<Y0001.qoi3ilii.org>
> Jun 28 22:03:31 shoebox postfix/smtpd[18206]: NOQUEUE: reject: RCPT from unknown[202.101.73.90]: 550 <salesmydomain.net>: Recipient address rejected: Domain not known; from=<Gordon.Joyceearthlink.net> to=<salesmydomain.net> proto=ESMTP helo=<Y0001.qoi3ilii.org>
> Jun 28 22:03:36 shoebox postfix/smtpd[18206]: NOQUEUE: reject: RCPT from unknown[202.101.73.90]: 554 <Gordon.Joyceearthlink.net>: Sender address rejected: undeliverable address: host mx4.earthlink.net[209.86.93.229] said: 550 Gordon.Joyceearthlink.net...User unknown (in reply to RCPT TO command); from=<Gordon.Joyceearthlink.net> to=<rootmydomain.net> proto=ESMTP helo=<Y0001.qoi3ilii.org>
Lots of errors
> Jun 28 22:03:38 shoebox postfix/smtpd[18206]: lost connection after DATA from unknown[202.101.73.90]
> Jun 28 22:03:38 shoebox postfix/smtpd[18206]: disconnect from unknown[202.101.73.90]
And the connection is gone.

--
Ralf Hildebrandt (Ralf.Hildebrandtcharite.de) spamtrapcharite.de
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.postfix-buch.com
I work for an investment bank. I have dealt with code written by stock
exchanges. I have seen how the computer systems that store your money
are run. If I ever make a fortune, I will store it in gold bullion
under my bed.
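
Added example, not part of the original message: the Python below groups Postfix smtpd log lines into connections by PID, so you can see how many RCPT rejects fall inside each connection versus how many connections a client actually made. The log lines are constructed (documentation IP ranges) and the function name `summarize` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix maillog format; not taken from the thread.
SAMPLE_LOG = """\
Jun 28 22:03:23 mx postfix/smtpd[18206]: connect from unknown[192.0.2.90]
Jun 28 22:03:24 mx postfix/smtpd[18206]: NOQUEUE: reject: RCPT from unknown[192.0.2.90]: 550 <a@example.net>: Recipient address rejected
Jun 28 22:03:28 mx postfix/smtpd[18206]: NOQUEUE: reject: RCPT from unknown[192.0.2.90]: 550 <b@example.net>: Recipient address rejected
Jun 28 22:03:29 mx postfix/smtpd[18206]: NOQUEUE: reject: RCPT from unknown[192.0.2.90]: 550 <c@example.net>: Recipient address rejected
Jun 28 22:03:38 mx postfix/smtpd[18206]: disconnect from unknown[192.0.2.90]
Jun 28 22:04:01 mx postfix/smtpd[18311]: connect from unknown[192.0.2.90]
Jun 28 22:04:02 mx postfix/smtpd[18311]: NOQUEUE: reject: RCPT from unknown[192.0.2.90]: 550 <d@example.net>: Recipient address rejected
Jun 28 22:04:03 mx postfix/smtpd[18311]: disconnect from unknown[192.0.2.90]
Jun 28 22:04:10 mx postfix/smtpd[18206]: connect from mail.example.org[198.51.100.7]
Jun 28 22:04:12 mx postfix/smtpd[18206]: disconnect from mail.example.org[198.51.100.7]
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)")
CLIENT = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]")


def summarize(log):
    """Return {client_ip: [rejects in 1st connection, rejects in 2nd, ...]}."""
    # An smtpd process serves one connection at a time and is reused
    # afterwards, so a session is the span from "connect" to "disconnect"
    # under one PID, not the PID alone.
    open_sessions = {}  # smtpd pid -> [client ip, reject count]
    per_client = defaultdict(list)
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            open_sessions[pid] = [CLIENT.search(msg)["ip"], 0]
        elif "reject: RCPT from " in msg and pid in open_sessions:
            open_sessions[pid][1] += 1
        elif msg.startswith("disconnect from ") and pid in open_sessions:
            ip, rejects = open_sessions.pop(pid)
            per_client[ip].append(rejects)
    # Connections still open when the log excerpt ends.
    for ip, rejects in open_sessions.values():
        per_client[ip].append(rejects)
    return dict(per_client)


if __name__ == "__main__":
    for ip, sessions in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {len(sessions)} connection(s), rejects per connection {sessions}")
```

The length of each list is the number of connections that client made; the entries are the rejects inside each one.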