Dear all,
I'm looking at making a copy of exim run on our site firewall,
intercepting all attempts (from outside) to contact port 25 for every
internal host. There are several reasons for doing this. First off, we
don't publish MX records for everything inside Aber, but some people
manage to quote their addresses wrong (e.g. doing auj@???
rather than auj@???). When they do this it results in mail
getting stuck at the other end as the remote server tries repeatedly to
talk to a closed port. Having a dummy exim sitting on port 25 for our
entire network allows me to bounce these messages immediately.
Secondly, doing this I can maintain a blacklist of portscanning
machines and machines that are trying to use us as an open relay.
Finally I can tarpit the same machines.
The firewall is a Linux box and I've told it to redirect port 25
traffic to port 25 on the local host. This works and I can connect in.
What I'm after is a way of determining which IP address the connecting
machine was trying to talk to. $interface_address returns the address
of the interface the request came in on, but that's different from the
address that was being contacted.
So... what I need is either a variable that identifies the incoming IP
address (rather than that of the interface the data came in on) or to
get a handle on the incoming socket so that I can call getsockname (or
rather its iptables NAT equivalent) on it. If I have to do this latter
option, I'd like to do this in perl called from an ACL function - I
really don't want to go patching the source and creating a maintenance
job for myself.
Anyone have any ideas?
Cheers,
Alun.
--
Alun Jones auj@???
Systems Support, (01970) 62 2494
Information Services,
University of Wales, Aberystwyth
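An added example, not from the original post and not part of exim, of the "getsockname equivalent" the post asks for. On Linux, netfilter records the pre-NAT destination of a connection that went through an iptables REDIRECT or DNAT rule and exposes it through the SO_ORIGINAL_DST socket option, which returns a struct sockaddr_in. The script below decodes that structure, falls back to getsockname() when no NAT entry exists, and runs a small listener that logs what each client was really trying to reach. The listening port 2525, the sample address 192.0.2.10 and the SMTP reply text are constructed for illustration; how the result would be handed to an exim ACL (for example via ${perl{...}}) is not shown here.

```python
"""Recover the pre-NAT destination of a REDIRECTed TCP connection (Linux).

Added example, not from the original post or from exim. It assumes Linux
netfilter (iptables REDIRECT/DNAT with conntrack loaded); SO_ORIGINAL_DST is
defined in <linux/netfilter_ipv4.h> but not exported by Python's socket module.
"""
import socket
import struct

# Constant from <linux/netfilter_ipv4.h>; Python's socket module does not expose it.
SO_ORIGINAL_DST = 80
SOCKADDR_IN_LEN = 16  # sin_family(2) + sin_port(2) + sin_addr(4) + sin_zero(8)
# SOL_IP is Linux-specific; IPPROTO_IP has the same value (0) everywhere.
SOL_IP = getattr(socket, "SOL_IP", socket.IPPROTO_IP)


def parse_sockaddr_in(buf):
    """Decode a struct sockaddr_in into (ip_string, port).

    sin_family is stored in host byte order, sin_port in network byte order.
    """
    if len(buf) < SOCKADDR_IN_LEN:
        raise ValueError("short sockaddr_in: %d bytes" % len(buf))
    (family,) = struct.unpack("=H", buf[0:2])
    if family != socket.AF_INET:
        raise ValueError("not an AF_INET address (family=%d)" % family)
    (port,) = struct.unpack("!H", buf[2:4])
    return socket.inet_ntoa(buf[4:8]), port


def original_destination(conn):
    """Return (ip, port, redirected) for an accepted TCP socket.

    redirected is True when netfilter reported a pre-NAT destination. If the
    query fails (no conntrack entry, non-Linux host) we fall back to
    getsockname(), which only gives the address the listener answered on,
    i.e. the same thing as exim's $interface_address.
    """
    try:
        raw = conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
        ip, port = parse_sockaddr_in(raw)
        return ip, port, True
    except OSError:
        ip, port = conn.getsockname()[:2]
        return ip, port, False


def serve(listen_port=2525):
    """Accept connections and report what each client originally dialled.

    listen_port is a constructed value for this example; the iptables
    REDIRECT rule would point at whatever port this listens on.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", listen_port))
        srv.listen(5)
        while True:
            conn, peer = srv.accept()
            with conn:
                ip, port, redirected = original_destination(conn)
                how = "via NAT" if redirected else "direct, from getsockname"
                print("%s:%d wanted %s:%d (%s)" % (peer[0], peer[1], ip, port, how))
                # Constructed reply: refuse the session rather than queue anything.
                conn.sendall(b"421 not accepting mail here\r\n")


# Constructed sample: the bytes the kernel returns for a client that
# dialled 192.0.2.10 port 25 before the REDIRECT rule rewrote it.
SAMPLE_SOCKADDR = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 25)
                   + socket.inet_aton("192.0.2.10") + b"\x00" * 8)

if __name__ == "__main__":
    print(parse_sockaddr_in(SAMPLE_SOCKADDR))  # ('192.0.2.10', 25)
    serve()
```

To exercise it, the assumed firewall rule is of the form `iptables -t nat -A PREROUTING -p tcp --dport 25 -j REDIRECT --to-ports 2525` (the post only says port 25 is redirected to the local host, so the exact rule is an assumption), after which a connection to any internal address on port 25 lands on the listener and the original destination is logged. The fallback path matters: a connection made straight to the firewall's own address is reported with redirected=False, so the blacklist and tarpit logic can distinguish a genuine port sweep of internal hosts from direct contact with the firewall.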