[Mimedefang] Accessing the source/destination port #'s at filter_relay

Philip A. Prindeville philipp_subx at redfish-solutions.com
Mon May 3 20:04:24 EDT 2010


On 05/03/2010 04:22 PM, Philip A. Prindeville wrote:
> What am I missing to send additional arguments to filter_relay()?
>

Never mind, figured it out.

Here's the patch.  I'm running it locally.

Works nicely with IPTables::libiptc if you want to plumb new iptables
rules on the fly, or add traffic shaping for a host that's trying to
spam you, etc.

Yes, I'm aware that you can use access.db and ClientConn: and
ClientRate:, but that assumes that you can easily match against an IP
address (you can't with subnets that aren't a multiple of 8 bits
long)...  you also can't do useful things like apply traffic shaping
that makes each connection use 1/2 as much bandwidth as the previous
connection from the same host or subnet, etc.

And lastly, a lot of sites require you to log the source port number on
the connection when reporting abuse (such as blatant attempts to exploit
your site as an open relay).

Only question is: should we also pass the ports and the local address to
filter_helo()?

There are reasons to want to do this.

For instance, if you're a multihomed relay, you might accept hosts on
your "inside" saying "EHLO [192.168.1.x]" but not if they're connecting
to you from your public interface.

I could go either way.

An embedded and charset-unspecified text was scrubbed...
Name: mimedefang-ports.patch
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20100503/ade9025e/attachment.ksh>
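The attached patch is not reproduced on the list archive, so the following is an added example (not the poster's code and not MIMEDefang's own) showing how a filter_relay() would use the extra arguments the post proposes: it logs the source/destination IP:port tuple that abuse desks ask for and applies a stricter per-host limit to subnets that are not octet-aligned (which access.db cannot express). The argument order after $helo, the CIDR blocks and the connection limit are assumptions; md_syslog() and the CONTINUE/TEMPFAIL return convention are MIMEDefang's.

```perl
use strict;
use warnings;
use Socket qw(inet_aton);

# Constructed list of subnets to throttle. /29 and /22 are not multiples of
# 8 bits, the case the post notes access.db cannot match.
my @throttle_blocks = ('203.0.113.8/29', '198.51.100.0/22');

# Per-IP connection counter. Note: this lives in one multiplexor slave
# process, so counts are per slave, not global across the relay.
my %conn_count;

# Return 1 if dotted-quad $ip falls inside CIDR block $cidr (IPv4 only).
sub ip_in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $ip_raw  = inet_aton($ip)  or return 0;
    my $net_raw = inet_aton($net) or return 0;
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return ((unpack('N', $ip_raw) & $mask) == (unpack('N', $net_raw) & $mask)) ? 1 : 0;
}

# Assumed extended signature: the three standard arguments followed by the
# client port, local address and local port proposed in the post.
sub filter_relay {
    my ($hostip, $hostname, $helo, $client_port, $my_ip, $my_port) = @_;
    $conn_count{$hostip}++;

    # Log the full 4-tuple so an abuse report can cite the source port.
    md_syslog('info', sprintf('relay %s:%s -> %s:%s helo=%s conn#%d',
        $hostip, $client_port // '?', $my_ip // '?', $my_port // '?',
        $helo // '', $conn_count{$hostip}));

    # Hosts in the throttled blocks get a temporary failure once they
    # exceed an assumed limit of 5 connections seen by this slave.
    for my $block (@throttle_blocks) {
        next unless ip_in_cidr($hostip, $block);
        return ('TEMPFAIL', "Too many connections from $hostip, try later")
            if $conn_count{$hostip} > 5;
        last;
    }
    return ('CONTINUE', 'ok');
}
```

Passing the same arguments to filter_helo(), as the post asks, would let the multihomed check it describes compare $helo against $my_ip in the same way.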
