On 12/9/2004 7:31, "Igor Robul" <igorr@???> wrote:
> But maybe firewall is better place to block this range? I think you need
> to send them information about your decision too.
We keep a "local" (i.e., our own) block list in a MySQL database. We reject
at RCPT time, with a message which is mostly a URL to a web page which gives
the other end a chance to request exemption (which of course some annoying
mail programs will refuse to show the sender).
The database has a column for "network" (meaning /24) and for host...if host
is NULL the whole subnet is blocked, else just the specified IP.
This rule is in the SMTP time ACL (i.e., once per connection):
  warn    hosts     = +rbl_hosts : !127.0.0.0/8 : !+local_networks : !+relay_from_hosts
          condition = ${if ! match {$sender_host_name}{\Nmx\.aol\.com$\N}{yes}{no}}
          condition = ${lookup mysql{select id \
                          from blocklist \
                          where network=SUBSTRING_INDEX('$sender_host_address', '.', 3) \
                          and (host=SUBSTRING_INDEX('$sender_host_address', '.', -1) or \
                          host is NULL) \
                          limit 1 \
                          }{yes}{no}}
          set acl_c1 = blocklist
Later at RCPT time, if an exemption mechanism hasn't changed acl_c1, we find
  deny    condition = ${if eq {$acl_c1}{blocklist}{yes}{no}}
          message   = rejected see http://www.olympus.net/local/$sender_host_address
Note...I just saw a flaw in our exemption system. Rats! Fortunately, we
have few exemptions so the flaw isn't serious.
--John
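
Added example, not part of John's message or his site's code: an offline check of the blocklist query's matching rules (NULL host blocks the whole /24, otherwise only the exact last octet). It assumes both columns are text, uses constructed rows from documentation address ranges, and runs on in-memory SQLite with a small emulation of MySQL's SUBSTRING_INDEX.

```python
import sqlite3


def substring_index(s, delim, count):
    """Emulate MySQL SUBSTRING_INDEX(str, delim, count) for SQLite."""
    parts = s.split(delim)
    if count > 0:
        return delim.join(parts[:count])   # everything left of the Nth delimiter
    if count < 0:
        return delim.join(parts[count:])   # everything right of the Nth-from-last
    return ""                              # MySQL returns '' for count = 0


# Same predicate as the ACL lookup, with the address bound as a parameter.
QUERY = """
    SELECT id FROM blocklist
    WHERE network = SUBSTRING_INDEX(:ip, '.', 3)
      AND (host = SUBSTRING_INDEX(:ip, '.', -1) OR host IS NULL)
    LIMIT 1
"""

# Constructed sample rows; column types are an assumption (not given in the post).
SAMPLE_ROWS = [
    ("192.0.2", None),     # host NULL: the whole /24 is blocked
    ("198.51.100", "25"),  # only 198.51.100.25 is blocked
]


def make_db(rows):
    """Build an in-memory blocklist table with the two columns described."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("SUBSTRING_INDEX", 3, substring_index)
    conn.execute(
        "CREATE TABLE blocklist ("
        "id INTEGER PRIMARY KEY, network TEXT NOT NULL, host TEXT)"
    )
    conn.executemany("INSERT INTO blocklist (network, host) VALUES (?, ?)", rows)
    return conn


def is_blocked(conn, ip):
    """True when the query returns a row, i.e. the ACL would set acl_c1."""
    return conn.execute(QUERY, {"ip": ip}).fetchone() is not None


if __name__ == "__main__":
    db = make_db(SAMPLE_ROWS)
    for addr in ("192.0.2.77", "192.0.20.77", "198.51.100.25", "198.51.100.250"):
        print(addr, "blocked" if is_blocked(db, addr) else "allowed")
```

The 192.0.20.77 and 198.51.100.250 cases confirm that both comparisons are exact matches on dotted components, not string prefixes.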