Hello, I was wondering if there is a (debian specific) way to quickly and in a simple manner block a specific email address for a little while (as early as possible, not using procmail). Say you notice in the logs there is a bunch of crap coming from someone, or some harddisk array or sql server spams you with errors every 4 seconds, yet you can''t go out and reconfigure that machine just yet. I tried to find this out, but the solutions I found seemed to be rather "big" for the intended purpose. Thank you, Jeroen
On Tue, 2007-07-17 at 11:22 -0700, Jeroen van Aart wrote:> Hello, > > I was wondering if there is a (debian specific) way to quickly and in a > simple manner block a specific email address for a little while (as > early as possible, not using procmail). Say you notice in the logs there > is a bunch of crap coming from someone, or some harddisk array or sql > server spams you with errors every 4 seconds, yet you can''t go out and > reconfigure that machine just yet. I tried to find this out, but the > solutions I found seemed to be rather "big" for the intended purpose. > > Thank you, > Jeroen >It''s not debian-specific, but the whole ACL framework in exim4 is designed for this. If you want to block everything from a machine, you can drop the connection as soon as it says HELO (smtp). If you want to block a particular sender, if it''s the envelope sender (i.e., smtp return address), you can block it when that comes in. Finally, if you need to look at the headers of the message, you can act after the message body comes in, but still before it goes to any routers. -- Ross Boylan wk: (415) 514-8146 185 Berry St #5700 ross at biostat.ucsf.edu Dept of Epidemiology and Biostatistics fax: (415) 514-8150 University of California, San Francisco San Francisco, CA 94107-1739 hm: (415) 550-1062
On Tue, Jul 17, 2007 at 11:22:44AM -0700, Jeroen van Aart wrote:> I was wondering if there is a (debian specific) way to quickly and in a > simple manner block a specific email address for a little while (as > early as possible, not using procmail).Assuming that you mean the envelope sender address, just dump the address in /etc/exim4/local_sender_blacklist. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190
Marc Haber wrote:> Assuming that you mean the envelope sender address, just dump the > address in /etc/exim4/local_sender_blacklist.Thanks, that''s what I was looking for. Similar simple functionality exists for hubbed_hosts, which I used recently and saved me some time. Regards, Jeroen