On 01/05/07, Mike Cardwell <[EMAIL PROTECTED]> wrote:
> * on the Tue, May 01, 2007 at 05:53:45AM +0100, Peter Bowyer wrote:
>
> >> "man iptables" and look for QUEUE. Then go to cpan.org and look at
> >> IPTables::IPv4::IPQueue. This will allow you to knock up a user space
> >> perl script to decide what to do with packets by talking to your db in
> >> real time.
> > Ah, now I looked into this a while back when Marc first talked about
> > this technique. I investigated this method of controlling IPTables and
> > came to the conclusion that it wouldn't do the job - once a packet has
> > arrived in the userspace queue it's already been accepted - all you
> > can do with it is drop it or carry on processing it, you can't reject
> > it. You can't simulate 'nothing listening on this port'. So it's not
> > suitable for the application Marc wants it for.
> >
> > At least, that's how I read the documentation. I have been known to be
> > wrong (yes, really...).
>
> You look to be correct. But, while dropping the packet isn't ideal, the
> overall outcome of doing that in this case is still the same as doing a
> reject surely?

It would create a different error condition for the SMTP client the other
end - probably a 'connection timed out' rather than a 'connection
refused'. This will certainly slow things down, and might trigger
different retry logic depending on the vagaries of the implementation.

Peter

--
Peter Bowyer
Email: [EMAIL PROTECTED]

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
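
The difference between the two outcomes discussed in this thread can be observed from the client side. The following is an added example, not part of the original messages: a small Python probe that reports whether a TCP connect was accepted, refused, or timed out, and how long the client waited. The function names, the 3-second default timeout and the loopback demo are assumptions made for illustration.

```python
import socket
import time


def classify(exc):
    """Map a connect() failure to the condition the client observes."""
    if isinstance(exc, ConnectionRefusedError):
        # An active refusal came back: what a closed port or a reject produces.
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        # Nothing came back at all: what a silently dropped packet produces.
        return "timed out"
    return "other: %s" % exc


def probe(host, port, timeout=3.0):
    """Try one TCP connect; return (outcome, seconds the client waited)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            outcome = "accepted"
    except OSError as exc:
        outcome = classify(exc)
    return outcome, time.monotonic() - start


if __name__ == "__main__":
    # Constructed demo on loopback: a listener, then the same port closed.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    print("listening:", probe("127.0.0.1", port))
    listener.close()
    # With nothing listening the refusal is immediate; against a port whose
    # packets are dropped, the same call would block for the full timeout.
    print("closed:   ", probe("127.0.0.1", port))
```

Run against a mail server port before and after a firewall change, the elapsed time shows the cost Peter describes: a refusal returns at once, while a drop holds the client for its whole connect timeout.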
