Re: [exim] Choosing the outbound IP address according to a Database query.
On 2018-03-12, Mark Elkins via Exim-users wrote: > Exim version 4.89 #1 built 05-Oct-2017 13:48:15 (Linux Gentoo) > > # Interfaces That Exim Listens on > local_interfaces = <; 127.0.0.1 ; ::1 ; \ > 192.111.222.1 ; 2001:1234:abcd:5678::1 ; \ > 192.111.222.2 ; 2001:1234:abcd:5678::2 ; \ > 192.111.222.3 ; 2001:1234:abcd:5678::3 > > I assume one could assign a particular IP address for outbound? > > So could the "interface =" part be changed to receive the result of a > MySQL query? > Can I pop a value into a variable - and use that? - otherwise I'll be > doing two lookups, one for IPv4 and one for IPv6... you can use an $acl_m_... variable there or a lookup. > Anyone done this before? I have (several years ago) and had a bad experience, but I think the bugs I discovered have now been fixed. -- This email has not been checked by half-arsed antivirus software -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Choosing the outbound IP address according to a Database query.
> In Transports - I have something like:-
>
> begin transports
>
> # This transport is used for delivering messages over SMTP connections.
> remote_smtp:
> driver = smtp
> dnssec_request_domains = *
> hosts_try_dane = *
> return_path = ${address:$reply_address}
> interface = <; 192.111.222.1 ; 2001:1234:abcd:5678::1
>
> So could the "interface =" part be changed to receive the result of a
> MySQL query?
> Can I pop a value into a variable - and use that? - otherwise I'll be
> doing two lookups, one for IPv4 and one for IPv6...
The transport 'interface =' is string-expanded, so you can use anything
here that you can use as a normal string expansion, including MySQL
queries. We have some Exim servers with a relatively complex set of
conditions here (although we don't use MySQL lookups) and it works fine.
You may also find it more convenient to set this information up
earlier, for example in an ACL (as a message ACL variable) or during
routing (eg in $address_data), and then simply use it in the transport,
rather than looking it up every time in the transport.
- cks
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Choosing the outbound IP address according to a Database query.
> From: Mark Elkins > Problem: I have users either with weak passwords or whom give away their > passwords... > > Result: Spammers have their "information" so can use my relay mail > server to send spam on my clients behalf to many other people. If it > bounces - then the client has a full mail box quite quickly. Worse - the > IP address of the machine gets blacklisted. Use this: https://github.com/Exim/exim/wiki/BlockCracking -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Choosing the outbound IP address according to a Database query.
On Mon, 12 Mar 2018, Mark Elkins via Exim-users wrote: The machine is for Mail Submission - so it can have a common "inbound" interface for my clients - and just needs a specific outbound IP address. I have a fair number of IP addresses. I'd like to have a pool of interfaces - each with their own IP address. My users details are all stored in a database table so I could also add an IP address there, the one that this particular client should use when my EXIM sends out their e-mail. If that IP address becomes blacklisted - it would then affect a much smaller percentage of my users. I could then have one IP address per group of customers! In exim.conf - I've used: # Interfaces That Exim Listens on local_interfaces = <; 127.0.0.1 ; ::1 ; \ 192.111.222.1 ; 2001:1234:abcd:5678::1 ; \ 192.111.222.2 ; 2001:1234:abcd:5678::2 ; \ 192.111.222.3 ; 2001:1234:abcd:5678::3 (fake numbers) I assume one could assign a particular IP address for outbound? I don't know the current position, but in 2011 Spamhaus was blacklisting IPv6 addresses in /64 blocks https://www.spamhaus.org/organization/statement/012/spamhaus-ipv6-blocklists-strategy-statement so I don't know whether your pool of addresses will protect your clients as well as you hope. -- Andrew C. Aitchison Cambridge, UK and...@aitchison.me.uk -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Choosing the outbound IP address according to a Database query.
Exim version 4.89 #1 built 05-Oct-2017 13:48:15 (Linux Gentoo)
Problem: I have users either with weak passwords or whom give away their
passwords...
Result: Spammers have their "information" so can use my relay mail
server to send spam on my clients behalf to many other people. If it
bounces - then the client has a full mail box quite quickly. Worse - the
IP address of the machine gets blacklisted. This then affects many other
clients.
The machine is for Mail Submission - so it can have a common "inbound"
interface for my clients - and just needs a specific outbound IP address.
I have a fair number of IP addresses. I'd like to have a pool of
interfaces - each with their own IP address. My users details are all
stored in a database table so I could also add an IP address there, the
one that this particular client should use when my EXIM sends out their
e-mail. If that IP address becomes blacklisted - it would then affect a
much smaller percentage of my users. I could then have one IP address
per group of customers!
In exim.conf - I've used:
# Interfaces That Exim Listens on
local_interfaces = <; 127.0.0.1 ; ::1 ; \
192.111.222.1 ; 2001:1234:abcd:5678::1 ; \
192.111.222.2 ; 2001:1234:abcd:5678::2 ; \
192.111.222.3 ; 2001:1234:abcd:5678::3
(fake numbers)
I assume one could assign a particular IP address for outbound?
I already look the user up - e.g. on a different machine that receives
inbound e-mails:-
# quota = 30M
quota = ${lookup mysql {select mail_quota from user_table where
user='${local_part}@${domain}'}}M
...so guess I could fetch an IP address - or easier would be the last
part of an IP address...
In Transports - I have something like:-
begin transports
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp
dnssec_request_domains = *
hosts_try_dane = *
return_path = ${address:$reply_address}
interface = <; 192.111.222.1 ; 2001:1234:abcd:5678::1
So could the "interface =" part be changed to receive the result of a
MySQL query?
Can I pop a value into a variable - and use that? - otherwise I'll be
doing two lookups, one for IPv4 and one for IPv6...
interface = <; 192.111.222.${lookup mysql {select mail_ip from
user_table where user='${local_part}@${domain}'}} ;
2001:1234:abcd:5678::${lookup mysql {select mail_ip from user_table
where user='${local_part}@${domain}'}}
Anyone done this before?
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
