Re: [exim] Reject email from a ip or ip range

Author: John W. Baxter
Date:  
To: exim-users
Subject: Re: [exim] Reject email from a ip or ip range
On 12/9/2004 7:31, "Igor Robul" <igorr@???> wrote:

> But maybe firewall is better place to block this range? I think you need
> to send them information about your decision too.


We keep a "local" (ie, our own) block list in a MySQL database. We reject
at RCPT time, with a message which is mostly a URL to a web page which gives
the other end a chance to request exemption (which of course some annoying
mail programs will refuse to show the sender).

The database has a column for "network" (meaning /24) and for host...if host
is NULL the whole subnet is blocked, else just the specified IP.

This rule is in the SMTP time ACL (ie, once per connection):

  # Mark the connection in acl_c1 when the sending IP matches a blocklist row
  # (host is NULL blocks the whole /24; otherwise only the listed IP).
  warn    hosts     = +rbl_hosts : !127.0.0.0/8 : !+local_networks : \
                      !+relay_from_hosts
          condition = ${if ! match {$sender_host_name}{\Nmx\.aol\.com$\N}{yes}{no}}
          condition = ${lookup mysql{select id \
                               from blocklist \
                               where network=SUBSTRING_INDEX('$sender_host_address', '.', 3) \
                                and (host=SUBSTRING_INDEX('$sender_host_address', '.', -1) or \
                                     host is NULL) \
                               limit 1 \
                        }{yes}{no}}
          set acl_c1 = blocklist


Later at RCPT time, if an exemption mechanism hasn't changed acl_c1, we find
  deny
      condition = ${if eq {$acl_c1}{blocklist}{yes}{no}}
      message   = rejected see http://www.olympus.net/local/$sender_host_address



Note...I just saw a flaw in our exemption system. Rats! Fortunately, we
have few exemptions so the flaw isn't serious.

--John
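
Added example, not part of the message above or of the poster's configuration: a small Python model of the blocklist lookup the message describes, using an in-memory SQLite table in place of MySQL and splitting the address in Python instead of with SUBSTRING_INDEX. The column types, the sample rows and the names make_db and is_blocked are assumptions; only the table name and the id, network and host columns come from the message.

```python
import ipaddress
import sqlite3

# Assumed schema: the message names only the table and its id, network, host columns.
SCHEMA = """
CREATE TABLE blocklist (
    id      INTEGER PRIMARY KEY,
    network TEXT NOT NULL,   -- first three octets, e.g. '192.0.2'
    host    TEXT             -- last octet, or NULL to block the whole /24
);
"""

# Constructed sample rows (documentation address ranges).
SAMPLE_ROWS = [
    ("192.0.2", None),      # whole 192.0.2.0/24 blocked
    ("198.51.100", "25"),   # only 198.51.100.25 blocked
]


def make_db():
    """Build the in-memory table and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO blocklist (network, host) VALUES (?, ?)", SAMPLE_ROWS)
    return db


def is_blocked(db, sender_host_address):
    """Return True if the address matches a whole-/24 row or a single-host row."""
    try:
        addr = ipaddress.ip_address(sender_host_address)
    except ValueError:
        return False
    if addr.version != 4:
        return False  # the /24 plus last-octet layout only describes IPv4
    network, _, host = str(addr).rpartition(".")
    # Same predicate as the ACL lookup: network matches AND (host matches OR host IS NULL).
    row = db.execute(
        "SELECT id FROM blocklist "
        "WHERE network = ? AND (host = ? OR host IS NULL) LIMIT 1",
        (network, host),
    ).fetchone()
    return row is not None
```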