Re: [exim] dnslists and host_reject_connection

Author: Peter Bowyer
Date:  
To: exim-users
Subject: Re: [exim] dnslists and host_reject_connection
Brian <bcook-exim@???> wrote:

> What I'm wondering that could be done.. is that when someone is
> rejected b/c of a dnsbl could exim immediately append their Ip into
> an sql table, which could then be uniq sorted and a list be built
> from that?


Several ways to do that:

1. A SQL INSERT statement in an otherwise no-op ACL

eg in very simple terms, subject to optimisation:

# Set acl_m0 to 1 if DNSBL hit
# (ACL conditions and modifiers run in order, so dnslists must precede set)
warn dnslists = blah.blah
     set acl_m0 = 1

# Write to the db if acl_m0 is 1
warn condition = ${if eq {$acl_m0}{1}{1}{0}}
     set acl_m1 = ${lookup mysql {insert table values \
                  ('${quote_mysql:$sender_host_address}')}{1}}

# and finally send them away
deny message = Blocked by DNSBL
     condition = ${if eq {$acl_m0}{1}{1}{0}}

2. Write something to the log and log-scrape it with a separate task - a
bit clunky but does work

3. Pass data to a daemon using $readsocket - check out Alun Jones' page at
http://users.aber.ac.uk/auj/spam/

> Also if that is possible I'm sure it would be possible to get
> host_reject_connection to read from that sql table and be able to
> reject that IP before they are passed off into spamd.


host_reject_connection is somewhat obsolete - use an 'acl_smtp_connect' ACL
to achieve the same effect in a more flexible way. But beware that some
spamware will start hammering on your door very hard if you simply drop the
connection on them - maybe better to swallow the bandwidth and reject the
recipients after all? No harm in experimenting though - let us know what
works.

Peter
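
Added example (not code from this thread): a sketch of option 2, scraping the Exim log for the "Blocked by DNSBL" deny message and building the unique, sorted IP list Brian asked about. The function name, the min_hits parameter and the sample log lines are assumptions constructed for illustration; the lines follow the usual Exim "rejected RCPT" layout.

```python
import ipaddress
import re
from collections import Counter

# Deny message from the ACL in this thread; Exim logs it after "rejected RCPT".
MARKER = "Blocked by DNSBL"

# H=hostname (helo) [ip]: hostname and helo are optional, and the helo may be an
# address literal like ([10.0.0.1]), so skip the parenthesised part first.
HOST_RE = re.compile(r"\bH=(?:[^\s(\[]+ )?(?:\([^)]*\) )?\[([0-9A-Fa-f:.]+)\]")


def dnsbl_rejected_hosts(lines, marker=MARKER, min_hits=1):
    """Return unique peer IPs rejected with `marker`, sorted numerically."""
    hits = Counter()
    for line in lines:
        if " rejected " not in line or marker not in line:
            continue
        m = HOST_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # garbled address: never let it reach a block list
        hits[addr] += 1
    wanted = [a for a, n in hits.items() if n >= min_hits]
    return [str(a) for a in sorted(wanted, key=lambda a: (a.version, int(a)))]


# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = [
    "2005-03-01 10:00:01 H=(friend) [192.0.2.10] F=<a@example.org> rejected RCPT <u@example.com>: Blocked by DNSBL",
    "2005-03-01 10:00:05 H=mail.example.net (helo.example.net) [198.51.100.7] F=<b@example.net> rejected RCPT <u@example.com>: Blocked by DNSBL",
    "2005-03-01 10:00:09 H=(friend) [192.0.2.10] F=<a@example.org> rejected RCPT <v@example.com>: Blocked by DNSBL",
    "2005-03-01 10:00:12 H=([10.0.0.1]) [203.0.113.9] F=<> rejected RCPT <u@example.com>: Blocked by DNSBL",
    "2005-03-01 10:00:15 H=(x) [192.0.2.99] F=<c@example.org> rejected RCPT <nobody@example.com>: Unknown user",
    "2005-03-01 10:00:20 H=[2001:db8::25] F=<d@example.org> rejected RCPT <u@example.com>: Blocked by DNSBL",
    "2005-03-01 10:01:00 1D6abc-0001Xy-00 <= e@example.org H=(ok) [192.0.2.50] P=esmtp S=1234",
]

if __name__ == "__main__":
    for ip in dnsbl_rejected_hosts(SAMPLE_LOG):
        print(ip)
```

Raising min_hits keeps one-off DNSBL hits out of the list, which limits the damage from a single false positive.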