Re: [exim] Handling unadvertised AUTH

Top Page
This message is part of the following thread:
M--++\the complete thread tree sorted by date
M\.MMMTed Cooper at <-
MM\MPhillip Carroll at ->
Delete this message
Reply to this message
Author: Phil Carroll proxied by Sander Smeenk
Date:  
To: exim-users
Subject: Re: [exim] Handling unadvertised AUTH
(Phillip asked me to send his message to the list, which was sent
directly to me and wasn't stored in Phillip's sent-box)

---

On 4/30/2016 10:02 AM, Sander Smeenk wrote:
> >Any help appreciated (including better ideas).
> Use iptables & ipset if you want to block the IP-space of entire AS or CCs.
> If you 'just don't care' for traffic from large amounts of IP-space you
> dont want Exim to deal with that. Exim was built to deal with email,
> not blocking/rejecting connections. ;)

Sander, thanks very much for all the detailed tips on ipset. Extremely
useful info. It proves that no matter how much I know, there is always
something very important that I don't know.

After a little investigation I discovered that csf supports ipset as an
option which I had somehow passed over when setting up this server, and
therefore left as the default. (OFF) I have now turned the option ON and
removed the limit on number of blocked ips (which previously was set at
200). With ipset enabled, csf uses ipset instead of iptables. There are
some other options that are exim-specific, involving AUTH. Including
limiting AUTH to certain countries and/or specific IPs. I haven't looked at
how that works. It has no usefulness for my situation.

In any event, it looks like csf and exim have all the tools I need.

Phil Carroll

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Handling unadvertised AUTH[exim] Need help with hostlist->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)