Re: [exim] hosts whitelisting

Author: Brian Blood
Date:  
To: exim-users
Subject: Re: [exim] hosts whitelisting

On Nov 14, 2006, at 4:25 AM, Christoph Purrucker wrote:

> accept
>    hosts = 192.168.1.0/24 : 10.0.0.0/8 : host1.domain.com : host2.example.com : *.ebay.com : *.amazon.com
>
> This works very well for me. But the whole rest of my server is configured
> in mysql tables (local domains, user aliases, user-specific stuff,...), so
> I want to have this host list in a simple table, too.
>
> But whatever I try, the wildcard and network entries will not work. May
> you give me an example? I'm blockheaded.




in your table, have 2 columns for ip:

ip_start int unsigned NULL
ip_end int unsigned NULL



WHITELISTED_HOST = SELECT rec_id FROM whitelists \
        WHERE enabled=1 AND wl_type = 'host' \
        AND ( ip_start = INET_ATON('${quote_mysql:$sender_host_address}') \
            OR INET_ATON('${quote_mysql:$sender_host_address}') BETWEEN ip_start AND ip_end )



accept
condition = ${lookup mysql{WHITELISTED_HOST}}


if you want to whitelist a single IP, put that ip into ip_start
if you want to whitelist a range, then use start through end

we have a more generalized whitelists table like so:


CREATE TABLE IF NOT EXISTS `whitelists` (
`rec_id` int(10) unsigned NOT NULL auto_increment,
`site_id` smallint(5) unsigned NOT NULL default '0',
`enabled` tinyint(1) NOT NULL default '1',
`wl_type` enum('sender','recip','host','syntax') default NULL,
`wl_text` varchar(255) default NULL,
`ip_start` int(10) unsigned default NULL,
`ip_end` int(10) unsigned default NULL,
`wl_condition` varchar(255) default NULL,
`note` varchar(255) NOT NULL default '',
PRIMARY KEY (`rec_id`),
KEY `ipstart_type` (`ip_start`,`wl_type`),
KEY `type_text` (`wl_type`,`wl_text`)
)



this allows us to keep all of our whitelist entries in a single table
by type so we can do things like:

WHITELISTED_HELO = SELECT rec_id FROM whitelists \
        WHERE enabled=1 AND wl_type = 'host' \
        AND ('${quote_mysql: $sender_helo_name}' REGEXP wl_text)


or

WHITELISTED_SENDER = SELECT rec_id FROM whitelists \
        WHERE enabled=1 AND wl_type = 'sender' \
        AND '${quote_mysql:${lc: $sender_address}}' REGEXP wl_text



and also expose this feature to our customers so they can add their
own whitelist entries specific for their mail (keyed off the site_id
field)

--
Brian
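
An added example, not part of the original post: it converts CIDR entries like the ones in the question into ip_start/ip_end pairs and shows why the single-IP test and the range test have to sit inside one set of parentheses, otherwise a disabled range still matches. SQLite stands in for MySQL and a Python integer conversion stands in for INET_ATON(); the function names and sample rows are constructed for illustration.

```python
import ipaddress
import sqlite3

def cidr_to_range(entry):
    """Return (ip_start, ip_end) as unsigned ints, the values INET_ATON() would give."""
    net = ipaddress.ip_network(entry, strict=False)
    if net.version != 4:
        raise ValueError("INET_ATON-style columns only hold IPv4")
    start = int(net.network_address)
    # Single host: only ip_start is filled, ip_end stays NULL as in the post.
    end = None if net.num_addresses == 1 else int(net.broadcast_address)
    return start, end

# Grouped form: enabled/wl_type apply to both the single-IP and the range test.
GROUPED = """SELECT rec_id FROM whitelists
    WHERE enabled=1 AND wl_type='host'
    AND (ip_start = :ip OR :ip BETWEEN ip_start AND ip_end)"""

# Ungrouped form: AND binds tighter than OR, so the range test stands alone.
UNGROUPED = """SELECT rec_id FROM whitelists
    WHERE enabled=1 AND wl_type='host' AND (ip_start = :ip)
    OR (:ip BETWEEN ip_start AND ip_end)"""

def build_db(rows):
    """rows: iterable of (enabled, cidr). SQLite stands in for MySQL here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE whitelists (rec_id INTEGER PRIMARY KEY, enabled INT,"
               " wl_type TEXT, ip_start INT, ip_end INT)")
    for enabled, cidr in rows:
        db.execute("INSERT INTO whitelists (enabled, wl_type, ip_start, ip_end)"
                   " VALUES (?, 'host', ?, ?)", (enabled, *cidr_to_range(cidr)))
    return db

def matches(db, query, address):
    ip = int(ipaddress.IPv4Address(address))  # Python equivalent of INET_ATON()
    return [r[0] for r in db.execute(query, {"ip": ip})]

# Constructed sample data: two enabled entries and one disabled range.
SAMPLE = [(1, "192.168.1.0/24"), (1, "203.0.113.7"), (0, "10.0.0.0/8")]

if __name__ == "__main__":
    db = build_db(SAMPLE)
    for addr in ("192.168.1.50", "203.0.113.7", "10.1.2.3"):
        print(addr, matches(db, GROUPED, addr), matches(db, UNGROUPED, addr))
```
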