[exim] IPTables Whitelisting

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M.M 
M\Mike Cardwell at ->
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: exim-users
Subject: [exim] IPTables Whitelisting
This might be slightly off topic but I have something kind of tricky and
interesting in mind. I've been using a dummy IP address as my lowest MX
record as a way of getting rid of bot spam. And it's worked fairly well
but I'm trying to make it more interesting.

What I'm doing now is pointing the lowest MX to a second IP on my lowest
MX server and what I want to do is open it up to a selected list of IP
addresses. Every 5 minutes I'm going to query a MySQL database and
create a list of IPs that will be allowed to talk to this lowest MX. All
other IPs will be blocked and forced to retry the higher MX which talks
to everything.

I am not good with IP tables but what I need to do is perhaps create a
new chain of some sort (?) that I can wipe out and reload with new
values. I'll read the list and accept every IP in the list and then drop
all other IPs.

Of course if there's something that can do this reading data out of me
database that would be great. But that's probably too much to ask.

So - anyone have any ides on how to do this?

BTW, Can't do a 4xx error because qmail servers will never retry higher
MX records if the see a 421 error. So the port has to be actually closed.




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Sender verify failed - need to allow particular mail inRe: [exim] IPTables Whitelisting->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)