(Phillip asked me to send his message to the list, which was sent directly to me and wasn't stored in Phillip's sent-box)
--- On 4/30/2016 10:02 AM, Sander Smeenk wrote: > >Any help appreciated (including better ideas). > Use iptables & ipset if you want to block the IP-space of entire AS or CCs. > If you 'just don't care' for traffic from large amounts of IP-space you > dont want Exim to deal with that. Exim was built to deal with email, > not blocking/rejecting connections. ;) Sander, thanks very much for all the detailed tips on ipset. Extremely useful info. It proves that no matter how much I know, there is always something very important that I don't know. After a little investigation I discovered that csf supports ipset as an option which I had somehow passed over when setting up this server, and therefore left as the default. (OFF) I have now turned the option ON and removed the limit on number of blocked ips (which previously was set at 200). With ipset enabled, csf uses ipset instead of iptables. There are some other options that are exim-specific, involving AUTH. Including limiting AUTH to certain countries and/or specific IPs. I haven't looked at how that works. It has no usefulness for my situation. In any event, it looks like csf and exim have all the tools I need. Phil Carroll -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
