I have net-dbm working - but when I run tests (exim -bh) on net24-dbm with
IPs that have no slash and it always fails. I tried it with net24-cdb also
and couldn't get it to work that way either.
I originally interpreted the manual on page 51 to mean that if the file
blocked_IPs.dbm has the address 123.456.789.123 and the conf file has
host_reject = net24-dbm;/etc/exim/blocked_IPs.dbm Then Exim would convert
the IP in the dbm file from 123.456.789.34 to 123.456.789.0/24 and thus it
would reject the IP. But my testing with exim -bh shows that this is not the
case.
After re-reading the manual on page 51 several times and I think that
net24-dbm line tells exim to convert the host IP to an IP/24 form and then
look up to see if there is a matching ?.?.?.0/24 Key in the dbm file. For
example, if the incoming host Ip is 123.456.789.128 Exim would lookup in
the dbm file for the key 123.456.789.0/24 and if found would block the host
IP?
If this is the case then the DBM file can have both slashed ip addresses and
non slashed ip addresses as keys?
And you could have a config file that read :
host_reject = net24-dbm;/etc/exim/blocked_IPs.dbm :
net25-dbm;/etc/exim/blocked_IPs.dbm :\
net26-dbm;/etc/exim/blocked_IPs.dbm : net27-dbm;/etc/exim/blocked_IPs.dbm :
\
net28-dbm;/etc/exim/blocked_IPs.dbm : net29-dbm;/etc/exim/blocked_IPs.dbm:
\
net-dbm;/etc/exim/blocked_IPs.dbm
The above config line would look for any plain IP along with and any slashed
IP for /24 to /29? So all keys could go in the same dbm file whether they
were slashed or not?
It would do 7 lookups, but that would be better than expanding the number of
ips in the db by 256 time for a /24 lookups - I can see diminishing returns
on the /28 and /29
Do I understand this yet, or am I still an idiot?
------------------------------------------------
Karl Schmidt (ks150) EMail Karl@???
Transtronics, Inc. WEB http://xtronics.com
3209 West 9th Street Ph(785) 841-3089
Lawrence, KS 66049 FAX(785) 841-0434
