(oops, I sent this previously to the list with the wrong from address ..
I'm guessing it is stuck in the moderation queue. Sorry mods!)
Your dnsbl, as written, will block 21.231.0.0/16. After looking at the
networks included though ... yeah, probably fine.
What you are trying to do is also achievable with iplsearch. I have
numerous of these to change behaviour depending on sending host.
Somewhere relevant in your ACLs: (You appear to want to use connect - I
usually put them in RCPT TO ACl so that I can see who they are trying to
send to)
deny message = No Thanks - Tired of the spam from your host/network
condition =
${lookup{$sender_host_address}iplsearch{/PATH/TO/FILE}{yes}{no}}
/PATH/TO/FILE contains:
23.231.32.0/21 # ITECH SERVICES, LLC
21.231.0.0/16 # Actually, the whole /16 looks crumby. Maybe list all!
23.231.32.36 # Or you can just list single IPs
(everything after the # is comment)
NB: There will come a point when a linear ip search of a file becomes a
resource hog on every connection. After this, you may with to move to an
indexed database to speed things up again. Or a companion daemon which
Exim communicates to using udpsend (no replies) or readsocket.
On 15/08/14 14:53, Alex wrote:
> Actually, its not all that hard (creating ones own dnsbl list - since I
> run a DNS server I was in a position to implement it), I had a read of
> RFC5872 (DNSBL).
>
[snip]
> *.231.23.bl.mydomain.com A 127.0.0.2
> *.231.23.bl.mydomain.com TXT "No Thanks - Tired of the spam from your
> host/network."
[snip]
> On 2014-08-15 13:08, Alex wrote:
>> Hi Everyone,
>>
>> Is there a way to knock back connections from an IP address/subnet at
>> receipt time (in the same fashion that a connection is rejected if a
>> match is found in a dnsbl)?
>>
>> I am ultimately wanting to refuse mail from a subnet:
>>
>> ITECH SERVICES, LLC CUST-NETBLK-PHX-23-231-32-0-21 (NET-23-231-32-0-1)
>> 23.231.32.0 - 23.231.39.255
[snip]