Re: [exim] db based IP blacklist

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Alexander Nagel
日付:  
To: exim-users
題目: Re: [exim] db based IP blacklist
Am Sat, 27 Oct 2012 16:40:32 -0400
schrieb Phil Pennock <exim-users@???>:

> On 2012-10-27 at 21:51 +0200, Alexander Nagel wrote:
> > I have a simple IP list in my PostGreSQL with inet as type in the
> > table. Currently i have this snippet in my exim4.conf file in the
> > acl_smtp_connect part.
> > 
> > drop
> > condition = ${if eq{$sender_host_address}{${lookup
> > pgsql{PG_Q_BLACKLIST}}}} message = REJECTED - You are blacklisted 
> > log_message = REJECTED - $sender_host_address is blacklisted.
> > 
> > This works with a single IP address. But I want to add whole ranges
> > of IP addresses like 192.1.0.0/24 
> > How do I have to change the condition?
> 
> Something like this, untested:
> 
> condition = ${lookup pgsql{\
>     SELECT COUNT(*) FROM blacklist WHERE entry >>=
> '${sender_host_address}' LIMIT 1 } {$value}{no}}
> 
> The >>= operator is PostgreSQL for "contains or equals"; you don't
> care how many matches there are, so just finding one is enough (LIMIT
> 1), and you don't care about any values, you just want to know if
> it's present. So the COUNT(*) should return 0 or 1 (because of the
> LIMIT 1).
> 
> At which point, you already have a value which condition will
> interpret. The {no} fallback is just paranoia.
> 
> Normally you'd use ${quote_pgsql:...} for the inserted variable, but
> $sender_host_address is an IPv4 or IPv6 address, so should be safe.
> 
> Does that help?
> 


Hi Phil,

yes, that works great :-)
Thank you very much!

regards
Alexander