|Alert Message||Multiple Rejected MAIL: Access Denied in 30 seconds from the same source.|
ASL does not cause this event to occur. ASL simply reports when it occurs.
This means that exim has rejected a mail connection, and has done so 8 or more times within 30 seconds, from the same IP.
 Log examples
2014-01-01 10:10:10 H=(hostname) [18.104.22.168]:2039 rejected MAIL <firstname.lastname@example.org>: Access denied - Invalid HELO name (See RFC2821 22.214.171.124)
ASL does not cause this event to occur. ASL simply reports when it occurs. Disabling this rule will not prevent exim from blocking these connections, disabling this rule will only silence this alert. Exim is causing these blocks, and only configuring Exim will change this behavior of Exim. ASL does not manage or configure Exim. Please contact your mail server vendor for assistance if you do not know how to configure Exim, or contact our sales department and we can put a professional services quote together to assist you.
If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off. This will of course not stop Exim from blocking these connections.
 False Positives
None. Please do not report this as a false positive unless ASL is incorrectly reporting an event that is:
1) not exim
2) exim is not rejecting the connection
 Additional Information
 Similar Rules
 Knowledge Base Articles
 External Articles