Re: [exim] dnslists and host_reject_connection

Top Page
Delete this message
Reply to this message
Author: Brian
Date:  
To: exim-users
Subject: Re: [exim] dnslists and host_reject_connection
Peter Bowyer wrote:

> Brian <bcook-exim@???> wrote:
>
>
>>What I'm wondering that could be done.. is that when someone is
>> rejected b/c of a dnsbl could exim immediately append their Ip into
>>an sql table, which could then be uniq sorted and a list be built
>>from that?
>
>
> Several ways to do that:
>
> 1. A SQL INSERT statement in an otherwise no-op ACL
>
> eg in very simple terms, subject to optimisation:
>
> # Set acl_m0 to 1 if DNSBL hit
> warn set acl_m0 = 1
> dnslists = blah.blah
>
> # Write to the db if acl_m0 is 1
> warn set acl_m1 = ${lookup mysql {insert table values
> ('${quote_mysql:$sender_host_address}'}{1}}
> condition = ${if eq {$acl_m0}{1}{1}{0}}
>
> # and finally send them away
> deny message = Blocked by DNSBL
> condition = ${if eq {$acl_m0}{1}{1}{0}}
>
> 2. Write something to the log and log-scrape it with a separate task - a
> biut clunky but does work
>
> 3. Pass data to a daemon using $readsocket - check out Alun Jones' page at
> http://users.aber.ac.uk/auj/spam/
>
>
>>Also if that is possible I'm sure it would be possible to get
>>host_reject_connection to read from that sql table and be able to
>>reject that IP before they are passed off into spamd.
>
>
> host_reject_connection is somewhat obsolete - use a 'acl_smtp_connect' acl
> to achieve the same effect in a more flexible way. But beware that some
> spamware will start hammering on your door very hard if you simply drop the
> connection on them - maybe better to swallow the bandwidth and reject the
> recipients after all? No harm in experimenting though - let us know what
> works.
>
> Peter
>
>

Thank you greatly for your examples, I will work with these and the
greylisting examples on the url you posted and let you know how this
turns out for me.

thanks again

:)