Tom Kistner <tom@???> said, in message
470A5B5D.5040206@???:
> Alun wrote:
>
> > returns the address of the interface the request came in on, but
> > that's different from the address that was being contacted.
>
> You need to patch Exim to do this. If you use the netfilter (aka
> iptables) REDIRECT target, the original destination address can be
> fetched from the socket using getsockopt(...SO_ORIGINAL_DST...).
Yes, that's the one. I was wondering because the perl gets called in a
context in which a couple of file descriptors are open and connected to
sockets. Assuming that one of these is connected to the other end and
that I knew which one it was, I could just call the getsockopt() from
perl and get what I wanted.
> This needs to be done inside Exim. If you want to reject anything
> anyway you could just hack up a small SMTP responder instead. You can
> also use Perl for that, IO::Socket seems to have a getsockopt method.
Indeed. That (the latter) was the original plan, but then I thought of
ACLs and all the handy stuff that exim puts in variables for me and it
seemed more flexible to use exim with a pretty simple config than to
write custom code for each check. Especially since the box already
needs some variant of sendmail installed for forwarding local cron
output.
I already want to 4xx anything that's coming in for a valid aber.ac.uk
address, 5xx anything that's for an aber.ac.uk address that's not
valid, and 5xx, tarpit and blacklist any IP that's trying to relay or
portscan. If I decided to add in load management, reverse lookups,
DNSBLs etc. to check addresses before they were added to my blacklist
and so on, I'd end up with a fairly complicated SMTP responder which
reimplemented quite a lot of stuff that exim already has.
I think I'll have a quick play with parsing netstat -an --tcp for
$sender_host_address:$sender_host_port to find who the other end is
trying to talk to. This should be close enough to unique for my
purposes.
Thanks for the response,
Alun.
--
Alun Jones auj@???
Systems Support, (01970) 62 2494
Information Services,
University of Wales, Aberystwyth
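The SO_ORIGINAL_DST lookup Tom describes, written out in Python as an added example (it is not code from this thread, from Exim, or from IO::Socket). It assumes Linux, where the option number 80 comes from <linux/netfilter_ipv4.h> and is not exported by Python's socket module; the sample sockaddr bytes at the bottom are constructed so the decoder can be exercised without a redirected connection.

```python
import socket
import struct
from typing import Tuple

# Linux-only: SO_ORIGINAL_DST is defined as 80 in <linux/netfilter_ipv4.h>.
# Python's socket module does not expose it, so it is declared here.
SO_ORIGINAL_DST = 80


def parse_sockaddr_in(raw: bytes) -> Tuple[str, int]:
    """Decode the struct sockaddr_in returned by SO_ORIGINAL_DST.

    Layout (16 bytes): sa_family (2 bytes, host byte order),
    sin_port (2 bytes, network order), sin_addr (4 bytes, network order),
    then 8 bytes of zero padding.
    """
    if len(raw) < 16:
        raise ValueError("sockaddr_in is 16 bytes, got %d" % len(raw))
    family = struct.unpack("=H", raw[:2])[0]
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    port, addr = struct.unpack("!H4s", raw[2:8])
    return socket.inet_ntoa(addr), port


def original_destination(conn: socket.socket) -> Tuple[str, int]:
    """Return the (ip, port) the peer was really connecting to.

    Call this on the accepted, connected socket of a listener that
    netfilter's REDIRECT target sent the connection to. Without a NAT
    rule in place the kernel simply reports the socket's own local
    address, and if conntrack is not loaded getsockopt() raises OSError.
    """
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    return parse_sockaddr_in(raw)


def build_sockaddr_in(ip: str, port: int) -> bytes:
    """Construct a sockaddr_in blob (used only to build sample input)."""
    return (struct.pack("=H", socket.AF_INET)
            + struct.pack("!H4s", port, socket.inet_aton(ip))
            + b"\x00" * 8)


# Constructed sample: a client that was redirected while aiming at
# 192.0.2.10 port 25 (a documentation address, not a real host).
SAMPLE_SOCKADDR = build_sockaddr_in("192.0.2.10", 25)

if __name__ == "__main__":
    print(parse_sockaddr_in(SAMPLE_SOCKADDR))  # ('192.0.2.10', 25)
```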