|
|
|
|
|
|
| Author |
Message |
Evil Ernie
*nix forums beginner
Joined: 09 Jun 2006
Posts: 3
|
 Posted: Thu Jul 20, 2006 8:54 pm Post subject:
Rejecting connections based on IP range.
|
|
|
I'm trying to reject certain connections based upon the IP range they're in.
I have this in my SMTP Mail ACL:
#====================================================================#
# DENY problem RANGES #
#====================================================================#
deny
message = Call email admin xxx xxx-xxxx \
- Error_local_rejection
hosts = ${if exists \
{/etc/exim4/_databases/_special_reject_R.rtf}\
{/etc/exim4/_databases/_special_reject_R.rtf}{}}
delay = 30s
logwrite = Special_rejection $sender_host_address
The file that it references is a regular file with 105 entries such as:
63.145.183.0/24
63.145.188.0/24
63.218.48.0/24
Most of the time it works fine. But I'm still seeing email being delivered
despite the range being listed there. I'm running Exim 4.5 on Debian Sarge
but I've written the exim4.conf file myself so it has none of the default
Debian entries.
Is there a more efficent method of comparing IP's to ranges or is there some
other problem/solution?
TIA
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/ |
|
| Back to top |
|
 |
Tony Finch
*nix forums Guru
Joined: 22 Mar 2002
Posts: 1222
|
| Posted: Thu Jul 20, 2006 10:54 pm Post subject:
Re: Rejecting connections based on IP range.
|
|
|
On Thu, 20 Jul 2006, Evil Ernie wrote:
| Quote: | I'm trying to reject certain connections based upon the IP range they're in.
Most of the time it works fine. But I'm still seeing email being delivered
despite the range being listed there.
|
Do you have any accept clauses before the deny clause?
| Quote: | Is there a more efficent method of comparing IP's to ranges or is there some
other problem/solution?
|
You can use the net24- prefix on a search type keyword (e.g. net24-dbm is
mentioned in the spec) if all your ranges are the same size. It gets
painful if they have variables sizes.
Tony.
--
<fanf@exim.org> <dot@dotat.at> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/ |
|
| Back to top |
|
|
Evil Ernie
*nix forums beginner
Joined: 09 Jun 2006
Posts: 3
|
| Posted: Fri Jul 21, 2006 2:24 am Post subject:
Re: Rejecting connections based on IP range.
|
|
|
On 7/20/06, Tony Finch <dot@dotat.at> wrote:
| Quote: |
Do you have any accept clauses before the deny clause?
|
None that would apply to those addresses. Just the regular "accept
everything to postmaster" but that doesn't apply to these messages.
You can use the net24- prefix on a search type keyword (e.g. net24-dbm is
| Quote: | mentioned in the spec) if all your ranges are the same size. It gets
painful if they have variables sizes.
|
Thanks! I was hoping there might be a way to get them all in one, but I can
have the broken up it that's how is goes.
PS: great email address.
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/ |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Mon Dec 01, 2008 8:56 pm | All times are GMT
|
|
Credit Card | Verizon Ringtones | Mortgage Calculator | Current Accounts | Payday Loan
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
Apps
»
Exim
