> From: Mihamina Rakotomandimby <mihamina@???>
> I would like to setup an Exim relay for a LAN (192.168.0.0/16)
> I know how to allow 192.168.0.0/16 to use this relay to mail out.
>
> Now, if there is one host in 192.168.0.0/16 that abuses, I would like
> to temporary REJECT it (with an explicit SMTP deny message such as
> "Contact Mihamiha to be abble to send again").
> We are used to put the host IP in one file that Exim should check at
> each SMTP request, where we list temporary blocked hosts.
>
> Once the host user has talked to me, I just remove his IP address from
> the file without having to restart Exim and the show goes on.
I.e. you need a way to detect abuse and automatically block a host, right?
Abuse usually is spamming huge list of email addresses, in such lists
most of addresses are nonexistent. So, a simple way to automatically detect
abuse is to count invalid recipients:
LIM = 100
PERIOD = 1h
WARNTO = mihamina@???
DIR = /var/spool/exim
EXIMBINARY = /usr/local/sbin/exim
SHELL = /bin/sh
hostlist relay_from_hosts = localhost : 192.168.0.0/16
...
begin acl
acl_check_rcpt:
...
deny hosts = +relay_from_hosts
set acl_m_msg = Contact Mihamiha to be able to send again
message = $acl_m_msg
condition = ${if exists{DIR/blocked_hosts}}
condition = ${if eq{${lookup{$sender_host_address}lsearch\
{DIR/blocked_hosts}{1}{0}}}{1}}
deny hosts = +relay_from_hosts
!verify = recipient/defer_ok/callout=10s,defer_ok,use_sender
ratelimit = LIM / PERIOD / per_rcpt / $sender_host_address
continue = ${run{SHELL -c "echo $sender_host_address \
>>DIR/blocked_hosts; \N{\N echo Subject: host $sender_host_address \
blocked; echo; echo because has sent mail to LIM invalid \
recipients during PERIOD.; \N}\N | EXIMBINARY WARNTO"}}
message = $acl_m_msg
accept hosts = +relay_from_hosts
control = submission/domain=
