Re: [exim] Using GeoIP to block spammers - anyone?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMRenaud Allard at <-
MOdhiambo G. Washington at ->
Delete this message
Reply to this message
Author: Odhiambo G. Washington
Date:  
To: exim-users
Subject: Re: [exim] Using GeoIP to block spammers - anyone?
* On 23/06/06 21:07 +0100, Chris Lightfoot wrote:
| On Fri, Jun 23, 2006 at 10:40:25PM +0300, Odhiambo G. Washington wrote:
|     [...]
| >              What I want is to reduce the processing consequent
| > upon spammer transaction, because again, I have disabled spam
| > filtering on the hidden box, instead doing it on the new MX. That
| > new MX is listed as the "highest priority", so everyone delivering
| > mail by MX should be connecting to it.
| 
| ok. so any legitimate connections are from customers who
| will either (a) be connecting from a legitimate IP range;
| or (b) will authenticate before trying a mail transaction.

That is correct!

| So can you not, in the MAIL FROM ACL, drop the connection
| immediately if the user is not in classes (a) or (b)? Or
| are there MUAs which try MAIL FROM and only then
| authenticate?

They use all sorts of MUAs.

| The overhead of doing this should be minimal -- the typical
| spammer would issue ``HELO whatever'', then
| ``MAIL FROM: <whatever>'', and would immediately have the
| connection dropped. Or you could reject the MAIL FROM:
| command -- I assume that would have the same effect.

So basically, you are saying that I should forget about dropping
the connections at acl_smtp_connect and instead shift to either
acl_smtp_helo or acl_smtp_mail, yes?


| (I'm not sure how to drop the connection immediately in an
| ACL -- I thought there might be a control command to do
| it, but in extremis you could, e.g., write a perl function
| that exits the current process, though that's ghastly.)

At acl_smtp_connect, we know the IP address, so at that point
is where I wanted to drop all IPs coming from outside Kenya. 


        cheers
       - wash 
+----------------------------------+-----------------------------------------+
Odhiambo Washington                    . WANANCHI ONLINE LTD (Nairobi, KE)  |
wash () WANANCHI ! com            . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223            . # 10286, 00100 NAIROBI             |
GSM: (+254) 733 744 121            . (+254) 020 313 985 - 9             |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"  
                         --from a /. post



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Using GeoIP to block spammers - anyone?Re: [exim] Using GeoIP to block spammers - anyone?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)