[exim] Choosing the outbound IP address according to a Datab…

Top Page
Delete this message
Reply to this message
Author: Mark Elkins
Date:  
To: Users, Exim
Subject: [exim] Choosing the outbound IP address according to a Database query.
Exim version 4.89 #1 built 05-Oct-2017 13:48:15 (Linux Gentoo)

Problem: I have users either with weak passwords or whom give away their
passwords...

Result: Spammers have their "information" so can use my relay mail
server to send spam on my clients behalf to many other people. If it
bounces - then the client has a full mail box quite quickly. Worse - the
IP address of the machine gets blacklisted. This then affects many other
clients.

The machine is for Mail Submission - so it can have a common "inbound"
interface for my clients - and just needs a specific outbound IP address.

I have a fair number of IP addresses. I'd like to have a pool of
interfaces - each with their own IP address. My users details are all
stored in a database table so I could also add an IP address there, the
one that this particular client should use when my EXIM sends out their
e-mail. If that IP address becomes blacklisted - it would then affect a
much smaller percentage of my users. I could then have one IP address
per group of customers!

In exim.conf - I've used:

# Interfaces That Exim Listens on
local_interfaces = <; 127.0.0.1 ;    ::1 ; \
                      192.111.222.1 ;  2001:1234:abcd:5678::1 ; \
                      192.111.222.2 ;  2001:1234:abcd:5678::2 ; \
                      192.111.222.3 ;  2001:1234:abcd:5678::3

(fake numbers)

I assume one could assign a particular IP address for outbound?


I already look the user up - e.g. on a different machine that receives
inbound e-mails:-

  # quota = 30M
  quota = ${lookup mysql {select mail_quota from user_table where
user='${local_part}@${domain}'}}M

...so guess I could fetch an IP address - or easier would be the last
part of an IP address...

In Transports - I have something like:-

begin transports

# This transport is used for delivering messages over SMTP connections.
remote_smtp:
  driver = smtp
  dnssec_request_domains = *
  hosts_try_dane = *
  return_path = ${address:$reply_address}
  interface = <; 192.111.222.1 ; 2001:1234:abcd:5678::1

So could the "interface =" part be changed to receive the result of a
MySQL query?
Can I pop a value into a variable - and use that? - otherwise I'll be
doing two lookups, one for IPv4 and one for IPv6...

interface = <; 192.111.222.${lookup mysql {select mail_ip from
user_table where user='${local_part}@${domain}'}} ;
2001:1234:abcd:5678::${lookup mysql {select mail_ip from user_table
where user='${local_part}@${domain}'}}


Anyone done this before?

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
mje@???       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za