james at digitalciti
Feb 3, 2010, 7:38 AM
Post #2 of 3
(691 views)
Permalink
|
|
Re: Is it possible to deny IP range in Exim?
[In reply to]
|
|
mkp_71 wrote:
> Hi , is it possible to deny IP range(like 192.168.0.0/16) in Exim? Something
> like this:
>
> begin acl
>
> accept hosts = :
> deny hosts = /etc/exim/blacklist #my own blacklist
>
> Thanks in advance.
>
I believe its as simple as defining a hostlist at the top of your config
and then referencing it with a deny in your ACL kind of like the following:
hostlist block_hosts = /path/to/your/file/blocked_hosts.txt
begin acl
# You could do this in your smtp connect ACL
acl_check_smtp:
accept hosts = :
accept hosts = +relay_hosts
deny hosts = +block_hosts # Where this goes is up to you, if you
want to deny these hosts before your allowed relay hosts (assuming thats
defined or including relay hosts in this block list) you could move it
above the accept +relay_hosts.
# likely additional rules in this ACL follow
# Final accept
accept
# End of acl_check_smtp
# Contents of your file blocked_hosts.txt
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx/24
# You can specify single IP's as well as ranges with CIDR notation, no
need for : separator there as long as theres a <CR> between lines.
Thanks,
James
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
|
