Re: [exim] Is it possible to deny IP range in Exim?

Top Page
Delete this message
Reply to this message
Author: James Price
Date:  
To: mkp_71
CC: exim-users
Subject: Re: [exim] Is it possible to deny IP range in Exim?
mkp_71 wrote:
> Hi , is it possible to deny IP range(like 192.168.0.0/16) in Exim? Something
> like this:
>
> begin acl
>
> accept hosts = :
> deny hosts = /etc/exim/blacklist #my own blacklist
>
> Thanks in advance.
>

I believe its as simple as defining a hostlist at the top of your config
and then referencing it with a deny in your ACL kind of like the following:

hostlist block_hosts = /path/to/your/file/blocked_hosts.txt

begin acl
# You could do this in your smtp connect ACL
acl_check_smtp:
    accept hosts = :
    accept hosts = +relay_hosts
    deny hosts = +block_hosts # Where this goes is up to you, if you 
want to deny these hosts before your allowed relay hosts (assuming thats 
defined or including relay hosts in this block list) you could move it 
above the accept +relay_hosts.
# likely additional rules in this ACL follow
    # Final accept
    accept
# End of acl_check_smtp


# Contents of your file blocked_hosts.txt
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx/24
# You can specify single IP's as well as ranges with CIDR notation, no
need for : separator there as long as theres a <CR> between lines.

Thanks,
James