[ On Wednesday, June 12, 2002 at 11:45:14 (+0100), Philip Hazel wrote: ]
> Subject: Re: [Exim] Blocking incessant relay testers with Exim 4
>
> On Tue, 11 Jun 2002, Dave C. wrote:
>
> > I'm not sure if there is a way to completely refuse connections from
> > within exim at all. host_reject_connections does the following:
> >
> > # telnet 127.0.0.2 25
> > Trying 127.0.0.2...
> > Connected to 127.0.0.2 (127.0.0.2).
> > Escape character is '^]'.
> > 554 SMTP service not available
>
> ... then drops the connection. That's all it can do. True "blocking" has
> to happen before the connection gets to Exim, that is, in a router or in
> the host's TCP/IP stack, or using TCPWrappers or similar.
Not TCP Wrappers -- the connection is already set up when it gets it....
Host-based firewalling works though (i.e. in the host's TCP/IP stack).
With IP Filter you can either drop the packet, return host unreachable,
or return a TCP ReSeT (making it immediately look like the host exists
but doesn't run a mail server).
--
Greg A. Woods
+1 416 218-0098; <gwoods@???>; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>