> From: Mihamina Rakotomandimby <[email protected]> > I would like to setup an Exim relay for a LAN (192.168.0.0/16) > I know how to allow 192.168.0.0/16 to use this relay to mail out. > > Now, if there is one host in 192.168.0.0/16 that abuses, I would like > to temporary REJECT it (with an explicit SMTP deny message such as > "Contact Mihamiha to be abble to send again"). > We are used to put the host IP in one file that Exim should check at > each SMTP request, where we list temporary blocked hosts. > > Once the host user has talked to me, I just remove his IP address from > the file without having to restart Exim and the show goes on.
I.e. you need a way to detect abuse and automatically block a host, right? Abuse usually is spamming huge list of email addresses, in such lists most of addresses are nonexistent. So, a simple way to automatically detect abuse is to count invalid recipients: LIM = 100 PERIOD = 1h WARNTO = [email protected] DIR = /var/spool/exim EXIMBINARY = /usr/local/sbin/exim SHELL = /bin/sh hostlist relay_from_hosts = localhost : 192.168.0.0/16 ... begin acl acl_check_rcpt: ... deny hosts = +relay_from_hosts set acl_m_msg = Contact Mihamiha to be able to send again message = $acl_m_msg condition = ${if exists{DIR/blocked_hosts}} condition = ${if eq{${lookup{$sender_host_address}lsearch\ {DIR/blocked_hosts}{1}{0}}}{1}} deny hosts = +relay_from_hosts !verify = recipient/defer_ok/callout=10s,defer_ok,use_sender ratelimit = LIM / PERIOD / per_rcpt / $sender_host_address continue = ${run{SHELL -c "echo $sender_host_address \ >>DIR/blocked_hosts; \N{\N echo Subject: host $sender_host_address \ blocked; echo; echo because has sent mail to LIM invalid \ recipients during PERIOD.; \N}\N | EXIMBINARY WARNTO"}} message = $acl_m_msg accept hosts = +relay_from_hosts control = submission/domain= -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
