著者: Phil Carroll proxied by Sander Smeenk 日付: To: exim-users 題目: Re: [exim] Handling unadvertised AUTH
(Phillip asked me to send his message to the list, which was sent
directly to me and wasn't stored in Phillip's sent-box)
---
On 4/30/2016 10:02 AM, Sander Smeenk wrote: > >Any help appreciated (including better ideas).
> Use iptables & ipset if you want to block the IP-space of entire AS or CCs.
> If you 'just don't care' for traffic from large amounts of IP-space you
> dont want Exim to deal with that. Exim was built to deal with email,
> not blocking/rejecting connections. ;)
Sander, thanks very much for all the detailed tips on ipset. Extremely
useful info. It proves that no matter how much I know, there is always
something very important that I don't know.
After a little investigation I discovered that csf supports ipset as an
option which I had somehow passed over when setting up this server, and
therefore left as the default. (OFF) I have now turned the option ON and
removed the limit on number of blocked ips (which previously was set at
200). With ipset enabled, csf uses ipset instead of iptables. There are
some other options that are exim-specific, involving AUTH. Including
limiting AUTH to certain countries and/or specific IPs. I haven't looked at
how that works. It has no usefulness for my situation.
In any event, it looks like csf and exim have all the tools I need.