On Tue, 2007-05-01 at 09:58 +0100, Peter Bowyer wrote:
> It would create a different error condition for the SMTP client the
> other end - probably a 'connection timed out' rather than a
> 'connection refused'. This will certainly slow things down, and might
> trigger different retry logic depending on the vagaries of the
> implementation.

We're veering away from Exim specifically here, but for those who are interested:

The netfilter QUEUE target is designed to pass things to userspace for processing by an application able to hook the packet from the userspace queues via the libipq API. The Perl IPTables::IPv4::IPQueue module is one of these beasts.

Sadly, at present, libipq only has two verdicts it can pass back to the kernel: NF_ACCEPT and NF_DROP. If you want to implement an analogous verdict to the missing NF_REJECT, then you have to pass NF_DROP to the kernel and then create an appropriate ICMP packet in userspace and send it back to the source. You can do this with the NetPacket::ICMP Perl module.

I spent some time playing with this a few months ago in order to do packet filtering based on DNSBL lookups, but in the end I ran out of time when a new member of the family arrived... I might get back to it sooner or later.

Graeme

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
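
An added example, not part of the original message and not the poster's code: the ICMP "destination unreachable" message a userspace filter would have to build after returning NF_DROP, written in Python with only the standard library rather than with the Perl modules named above. The function names are hypothetical, the sample packet is constructed with documentation addresses, and the queue hookup and the raw-socket send are left out.

```python
import struct

ICMP_DEST_UNREACH = 3   # ICMP type (RFC 792)
ICMP_PORT_UNREACH = 3   # ICMP code: port unreachable

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_unreachable(dropped: bytes, code: int = ICMP_PORT_UNREACH) -> bytes:
    """ICMP type 3 message quoting the dropped IPv4 packet:
    its IP header plus the first 8 bytes of its payload."""
    if len(dropped) < 20 or dropped[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (dropped[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(dropped) < ihl:
        raise ValueError("truncated IPv4 header")
    quoted = dropped[:ihl + 8]             # enough for the TCP/UDP ports
    unsummed = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + quoted
    csum = inet_checksum(unsummed)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, csum, 0) + quoted

def reply_addresses(dropped: bytes):
    """(source, destination) for the reply: the original pair swapped."""
    return dropped[16:20], dropped[12:16]

def sample_syn() -> bytes:
    """Constructed sample: TCP SYN from 192.0.2.10:40000 to 198.51.100.25:25."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 25]))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, 1, 0, 0x50, 0x02, 65535, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    msg = build_unreachable(sample_syn())
    print(len(msg), "byte ICMP message:", msg.hex())
```

The receiving TCP stack matches the quoted header and ports to its pending connection, which is why the SMTP client sees an immediate failure instead of the timeout a bare NF_DROP would cause.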
