Re: [exim] Drop messages at RCPT time based on IP/Subnet

Author: Alex
Date:  
To: exim-users
Subject: Re: [exim] Drop messages at RCPT time based on IP/Subnet
Actually, it's not all that hard (creating one's own dnsbl list - since I
run a DNS server I was in a position to implement it), I had a read of
RFC5872 (DNSBL).

I created a zone for bl.mydomain.com

Zone records:

*.231.23.bl.mydomain.com A 127.0.0.2
*.231.23.bl.mydomain.com TXT "No Thanks - Tired of the spam from your host/network."

Tested with "exim -bh 23.231.32.36"

Result:

550-Message Rejected - 23.231.32.36 is in a blacklist at bl.mydomain.com
550 No Thanks - Tired of the spam from your host/network.
LOG: H=(host.com) [23.231.32.36] F=<naughty@???> rejected RCPT somerecipient@???: listed in bl.mydomain.com

Beautiful =)




On 2014-08-15 13:08, Alex wrote:
> Hi Everyone,
>
> Is there a way to knock back connections from an IP address/subnet at
> receipt time (in the same fashion that a connection is rejected if a
> match is found in a dnsbl)?
>
> I am ultimately wanting to refuse mail from a subnet:
>
> ITECH SERVICES, LLC CUST-NETBLK-PHX-23-231-32-0-21 (NET-23-231-32-0-1)
> 23.231.32.0 - 23.231.39.255
>
> Keep getting spam from IPs on this subnet. The problem is that by the
> time individual IP addresses end up in the likes of zen.spamhaus,
> bl.spamcop etc, they have already been able to drop off their payload.
>
> I have the option of firewalling out the IP range, but I would prefer
> to do it at MTA level so things are logged (useful in case legit mail
> gets dropped so I can identify if I am being too heavy handed).
>
> It would be nice to be able to reject connections from say a /24 and
> have the server reply back with "550: Sorry too much spam from your
> network"
>
> Cheers,
> Alex.
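
An added example, not part of the thread: a sketch that checks which addresses a wildcard DNSBL record covers and generates wildcard owner names for exactly one netblock. The zone name, the 127.0.0.2 answer and the addresses come from the post; the function names are hypothetical, and the wildcard match is simplified (it ignores more specific names that may exist in the zone).

```python
import ipaddress

ZONE = "bl.mydomain.com"  # zone name taken from the post

def query_name(ip, zone=ZONE):
    """DNSBL lookup name: IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def wildcard_matches(owner, qname):
    """Simplified match: '*.<suffix>' covers every name below <suffix>."""
    if not owner.startswith("*."):
        return owner == qname
    return qname.endswith("." + owner[2:])

def listed(ip, owners):
    """True if any owner name in the zone answers the lookup for ip."""
    qname = query_name(ip)
    return any(wildcard_matches(owner, qname) for owner in owners)

def records_for(cidr, zone=ZONE):
    """Owner names that cover exactly the IPv4 network `cidr`."""
    net = ipaddress.ip_network(cidr)
    # DNS labels are whole octets, so split the network at the next
    # octet boundary (/8, /16, /24 or /32) and emit one name per piece.
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    owners = []
    for sub in net.subnets(new_prefix=boundary):
        kept = str(sub.network_address).split(".")[: boundary // 8]
        star = "" if boundary == 32 else "*."
        owners.append(star + ".".join(reversed(kept)) + "." + zone)
    return owners

if __name__ == "__main__":
    posted = ["*.231.23.bl.mydomain.com"]       # record from the post
    exact = records_for("23.231.32.0/21")       # netblock from the post
    for owner in exact:
        print(owner + ". A 127.0.0.2")
    # Constructed sample addresses: two inside the /21, two outside it.
    for ip in ("23.231.32.36", "23.231.39.255", "23.231.40.1", "23.231.200.1"):
        print(ip, "posted:", listed(ip, posted), "exact:", listed(ip, exact))
```

The output shows that a wildcard at `*.231.23` answers for every address in 23.231.0.0/16, while the eight generated names answer only for 23.231.32.0 - 23.231.39.255.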