Marc Perkel wrote:

> This might be slightly off topic but I have something kind of tricky and 
> interesting in mind. I've been using a dummy IP address as my lowest MX 
> record as a way of getting rid of bot spam. And it's worked fairly well 
> but I'm trying to make it more interesting.
> 
> What I'm doing now is pointing the lowest MX to a second IP on my lowest 
> MX server and what I want to do is open it up to a selected list of IP 
> addresses. Every 5 minutes I'm going to query a MySQL database and 
> create a list of IPs that will be allowed to talk to this lowest MX. All 
> other IPs will be blocked and forced to retry the higher MX which talks 
> to everything.
> 
> I am not good with iptables but what I need to do is perhaps create a 
> new chain of some sort (?) that I can wipe out and reload with new 
> values. I'll read the list and accept every IP in the list and then drop 
> all other IPs.
> 
> Of course if there's something that can do this reading data out of my 
> database that would be great. But that's probably too much to ask.
> 
> So - anyone have any ideas on how to do this?
> 
> BTW, can't do a 4xx error because qmail servers will never retry higher 
> MX records if they see a 421 error. So the port has to be actually closed.

"man iptables" and look for QUEUE. Then go to cpan.org and look at 
IPTables::IPv4::IPQueue. This will allow you to knock up a user space 
perl script to decide what to do with packets by talking to your db in 
real time.

Mike

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
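One way to build the reloadable allow-list chain Marc describes, as an added example that is not from the thread: a POSIX sh script that turns the periodic query output into an iptables-restore fragment and applies it in a single commit, so the chain is never empty between reloads. The chain name MX_ALLOW, the decoy address 192.0.2.25, the constructed IP list standing in for the MySQL query, and the choice of REJECT with a TCP reset (so the port looks closed) are my assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Rebuilds a dedicated filter chain for the
# decoy lowest-MX address from an allow-list in one atomic iptables-restore
# commit, so a cron job can reload it every few minutes with no window in
# which the chain is empty. Assumed names: chain MX_ALLOW, decoy address
# 192.0.2.25 (TEST-NET), TCP port 25.
MX_CHAIN=MX_ALLOW
MX_ADDR=192.0.2.25

# One-time setup: hook the chain into INPUT for the decoy address only.
# Run once by hand, not from the periodic job (it would be added repeatedly).
mx_hook_cmd() {
    echo "iptables -I INPUT -d $MX_ADDR -p tcp --dport 25 -j $MX_CHAIN"
}

# Constructed stand-in for the MySQL query output (one IP per line).
# Real job: mysql -N -e 'SELECT ip FROM ...' | mx_ruleset | iptables-restore --noflush
allowed_ips() {
    printf '%s\n' 198.51.100.7 'bad row; -j ACCEPT' 203.0.113.0/24
}

# Accept only dotted-quad IPv4, optionally with a /prefix, so a malformed or
# hostile database row can never turn into extra iptables options.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
}

# Read IPs on stdin, write an iptables-restore fragment on stdout.
# The ":CHAIN - [0:0]" line creates the chain if it is missing, -F empties it,
# and everything up to COMMIT is applied as one transaction, so the old rules
# stay in force until the new ones replace them.
mx_ruleset() {
    echo '*filter'
    echo ":$MX_CHAIN - [0:0]"
    echo "-F $MX_CHAIN"
    while IFS= read -r ip; do
        if valid_ip "$ip"; then
            echo "-A $MX_CHAIN -s $ip -j ACCEPT"
        else
            echo "skipped invalid allow-list entry: $ip" >&2
        fi
    done
    # Everyone else gets a TCP RST: to the sender the port looks closed, so it
    # moves on to the next MX at once instead of waiting out a DROP timeout.
    echo "-A $MX_CHAIN -p tcp -j REJECT --reject-with tcp-reset"
    echo 'COMMIT'
}

# Stand-alone run: print what the periodic job would feed to iptables-restore.
allowed_ips | mx_ruleset
```

Piping the output into `iptables-restore --noflush` as root applies it; the invalid row is reported on stderr and never reaches the ruleset.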
