Re: [exim] IPTables Whitelisting

Author: Renaud Allard
Date:  
To: Marc Perkel
CC: exim-users
Subject: Re: [exim] IPTables Whitelisting


Marc Perkel wrote:
> This might be slightly off topic but I have something kind of tricky and
> interesting in mind. I've been using a dummy IP address as my lowest MX
> record as a way of getting rid of bot spam. And it's worked fairly well
> but I'm trying to make it more interesting.
>
> What I'm doing now is pointing the lowest MX to a second IP on my lowest
> MX server and what I want to do is open it up to a selected list of IP
> addresses. Every 5 minutes I'm going to query a MySQL database and
> create a list of IPs that will be allowed to talk to this lowest MX. All
> other IPs will be blocked and forced to retry the higher MX which talks
> to everything.
>
> I am not good with IP tables but what I need to do is perhaps create a
> new chain of some sort (?) that I can wipe out and reload with new
> values. I'll read the list and accept every IP in the list and then drop
> all other IPs.
>
> Of course if there's something that can do this reading data out of my
> database that would be great. But that's probably too much to ask.
>
> So - anyone have any ideas on how to do this?
>
> BTW, Can't do a 4xx error because qmail servers will never retry higher
> MX records if they see a 421 error. So the port has to be actually closed.
>
>


Have a look at OpenBSD's spamd
(http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8), I think
it does what you want.
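
The reloadable-chain idea from the quoted question, sketched as an added example that is not part of either poster's message. The chain name MXWHITELIST, the placeholder address 192.0.2.25 and the one-IPv4-address-per-line input format are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: chain name MXWHITELIST, IPv4 only, one address
# per line on stdin (the list exported from the database by the cron job).
CHAIN=MXWHITELIST

# Succeeds only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads candidate addresses on stdin and writes an iptables-restore fragment
# on stdout. Invalid rows are skipped and reported on stderr, so a bad
# database value never becomes a firewall argument.
build_whitelist_rules() {
    echo "*filter"
    echo ":$CHAIN - [0:0]"          # with --noflush this empties only this chain
    while IFS= read -r ip || [ -n "$ip" ]; do
        [ -n "$ip" ] || continue
        if is_ipv4 "$ip"; then
            echo "-A $CHAIN -s $ip/32 -j ACCEPT"
        else
            echo "skipping invalid entry: $ip" >&2
        fi
    done
    # DROP as in the post; "-p tcp -j REJECT --reject-with tcp-reset" instead
    # makes the port answer as closed.
    echo "-A $CHAIN -j DROP"
    echo "COMMIT"
}

# One-time jump rule (192.0.2.25 is a placeholder for the second IP):
#   iptables -A INPUT -d 192.0.2.25 -p tcp --dport 25 -j MXWHITELIST
# Every 5 minutes: <database export> | build_whitelist_rules | iptables-restore --noflush
# Constructed sample input: two valid addresses and two malformed rows.
printf '%s\n' 192.0.2.10 10.0.0.999 mail.example.org 203.0.113.255 | build_whitelist_rules
```

iptables-restore applies the fragment in one commit, so the chain is never observed half-loaded and a failed load leaves the previous list in place.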