#Idea is that spammers always have a large number of bad emails.
#count the bad emails, and if they have too many, it's probably a spammer.
#use the exim.pl to take action.

  warn
        set acl_m_bc_skip = 0

  warn  authenticated = *
        condition = ${if exists{BC_SKIP_AUTHENTICATED_USERS}}
        condition = ${lookup{$authenticated_id}nwildlsearch{BC_SKIP_AUTHENTICATED_USERS}{1}{0}}
        set acl_m_bc_skip = 1
        logwrite = auth=$authenticated_id skipped via bc_skip_authenticated_users

  warn  authenticated = *
        condition = ${if inlist{$authenticated_id}{BC_UNLIMITED_USERNAMES}}
        set acl_m_bc_skip = 1
        logwrite = auth=$authenticated_id skipped via bc_unlimited_usernames variable
        
  warn  authenticated = *
        hosts = +bc_skip_sending_hosts
        set acl_m_bc_skip = 1
        logwrite = auth=$authenticated_id ip=$sender_host_address skipped via bc_skip_sending_hosts

  drop  authenticated = *
        condition = ${if !eq{$acl_m_bc_skip}{1}}
        set acl_m_user = $authenticated_id
        condition = ${if exists{$spool_directory/blocked_authenticated_users}}
        condition = ${lookup{$acl_m_user}lsearch{$spool_directory/blocked_authenticated_users}{1}{0}}
        message = Account $acl_m_user currently blocked for sending to too many invalid recipients

  drop  authenticated = *
        condition = ${if !eq{$acl_m_bc_skip}{1}}
        !verify = recipient/defer_ok/callout=10s,defer_ok,use_sender
        ratelimit = BC_LIM / BC_PERIOD / per_rcpt / user-$acl_m_user
        continue = ${run{BC_SHELL -c "echo $acl_m_user:`date +%s` >> $spool_directory/blocked_authenticated_users" }}
	continue = ${perl{block_cracking_notify}{smtp}}
        message = Account $acl_m_user has been blocked for sending to too many invalid recipients
        logwrite = $acl_m_user has been added to $spool_directory/blocked_authenticated_users, and DA notified