Re: [exim] Drop messages at RCPT time based on IP/Subnet

Author: Jasen Betts
Date:  
To: exim-users
Subject: Re: [exim] Drop messages at RCPT time based on IP/Subnet
On 2014-08-16, Alex <thunder@???> wrote:
> Hi Ted,
>
> Didn't know about iplsearch, that's neat. I guess the drawback with
> dnsbl is that it's not very granular with the choice of blocking IP
> addresses. I can't really block say a /28 for example. Your approach
> would be much better for this. At the moment with the dnsbl I am stuck
> with knocking out a single IP, a /24 or /16 or /8 (can't imagine EVER
> knocking out a /8, that's just insane).
>
> Is there an iplsearch equivalent that can do MySQL table lookups? I am
> really trying to shift away from flat files where possible and have
> everything in one central database.


Apparently not. If you've not invested too much effort into mysql you
might consider using postgresql instead, which can do CIDR lookups.

> For the moment DNSbl seems to be working a treat, the same clowns who
> are slipping through the cracks got an unexpected surprise this morning
> during their usual spam run (I have fail2ban also set up which monitors
> the exim rejectlog for the string which matches a connect reject due to
> dnsbl listing then firewalls out the IP for a few hours (stops them
> trying again and again and again and again and again)). Quite hilarious.
> I am literally sitting here laughing whilst watching the reject log. One
> small battle against the sneaky spammers where I am winning.


Greylisting might be another tactic you could use, greylist them for
an hour or however long is sufficient for them to find spamhaus,

--
umop apisdn
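
A sketch of the PostgreSQL CIDR lookup mentioned in the reply above, as an added example that is not part of the original thread. The table, column and index names are hypothetical, the networks are constructed from the documentation address ranges, and the GiST `inet_ops` index assumes PostgreSQL 9.4 or later.

```sql
-- Hypothetical blocklist table: one row per blocked network, any prefix length.
CREATE TABLE blocked_nets (
    net      cidr PRIMARY KEY,
    reason   text NOT NULL,
    added_at timestamptz NOT NULL DEFAULT now()
);

-- GiST index so the containment operator does not scan the whole table.
CREATE INDEX blocked_nets_net_gist ON blocked_nets USING gist (net inet_ops);

-- Constructed sample data: a /28, a /24 and an IPv6 /48.
INSERT INTO blocked_nets (net, reason) VALUES
    ('192.0.2.16/28',   'spam run, small allocation'),
    ('198.51.100.0/24', 'spam run, whole subnet'),
    ('2001:db8:1::/48', 'spam run, IPv6 site');

-- The lookup: ">>=" means "contains or equals". When several blocked
-- networks contain the address, the most specific one (longest prefix)
-- is returned.
SELECT net, reason
FROM blocked_nets
WHERE net >>= inet '192.0.2.20'
ORDER BY masklen(net) DESC
LIMIT 1;

-- Check several constructed probe addresses at once. 192.0.2.20 falls inside
-- the /28; 192.0.2.40 is in the same /24 but outside the /28, which is the
-- granularity a /24-or-single-IP scheme cannot express.
SELECT probe,
       EXISTS (SELECT 1 FROM blocked_nets b WHERE b.net >>= probe) AS blocked
FROM (VALUES (inet '192.0.2.20'),
             (inet '192.0.2.40'),
             (inet '198.51.100.77'),
             (inet '2001:db8:1:2::25')) AS t(probe);

-- Assumed wiring (not shown in the thread): an Exim ACL would issue the
-- EXISTS query through a pgsql query-style lookup, passing
-- $sender_host_address through the quote_pgsql operator.
```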