Re: [exim] hosts whitelisting

Tue, 14 Nov 2006 08:55:54 -0800 

On Nov 14, 2006, at 4:25 AM, Christoph Purrucker wrote:

> accept
>    hosts = 192.168.1.0/24 : 10.0.0.0/8 : host1.domain.com :
> host2.example.com : *.ebay.com : *.amazon.com
>
> This works very well for me. But the whole rest of my server is  
> configured
> in mysql tables (local domains, user aliases, user-specific  
> stuff,...), so
> I want to have this host list in a simple table, too.
>
> But whatever I try, the wildcard and network entries will not work.  
> May
> you give me an example? I'm blockheaded.



in your table, have 2 columns for ip:

ip_start unsigned int NULL
ip_end unsigned int NULL



WHITELISTED_HOST = SELECT rec_id FROM whitelists \
                WHERE enabled=1 AND wl_type = 'host' \
                AND (ip_start = 
INET_ATON('${quote_mysql:$sender_host_address}') ) \
                        OR (INET_ATON('${quote_mysql:$sender_host_address}') 
BETWEEN  
ip_start AND ip_end)


accept
   condition = ${lookup mysql{WHITELISTED_HOST}}


if you want to whitelist a single IP, put that ip into ip_start
if you want to whitelist a range, then use start through end

we have a more generalized whitelists table like so:


CREATE TABLE IF NOT EXISTS `whitelists` (
   `rec_id` int(10) unsigned NOT NULL auto_increment,
   `site_id` smallint(5) unsigned NOT NULL default '0',
   `enabled` tinyint(1) NOT NULL default '1',
   `wl_type` enum('sender','recip','host','syntax') default NULL,
   `wl_text` varchar(255) default NULL,
   `ip_start` int(10) unsigned default NULL,
   `ip_end` int(10) unsigned default NULL,
   `wl_condition` varchar(255) default NULL,
   `note` varchar(255) NOT NULL default '',
   PRIMARY KEY  (`rec_id`),
   KEY `ipstart_type` (`ip_start`,`wl_type`),
   KEY `type_text` (`wl_type`,`wl_text`)
)



this allows us to keep all of our whitelist entries in a single table  
by type so we can do things like:

WHITELISTED_HELO = SELECT rec_id FROM whitelists \
                WHERE enabled=1 AND wl_type = 'host' AND ('${quote_mysql: 
$sender_helo_name}' REGEXP wl_text)

or

WHITELISTED_SENDER = SELECT rec_id FROM whitelists \
                WHERE enabled=1 AND wl_type = 'sender' AND '${quote_mysql:${lc: 
$sender_address}}' REGEXP wl_text


and also expose this feature to our customers so they can add their  
own whitelist entries specific for their mail (keyed off the site_id  
field)

--
Brian



-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Reply via email to