5.3 on page 282):
Connect:bad.host REJECT
Here, for example, any connection from the host bad.host is rejected.
The default behavior of the check_relay rule set can also be overridden by the various
DNS blacklist features (see §7.2 on page 260).
In the event you need to add checks to this check_relay rule set, you can do so by
adding a Local_check_relay rule set. Declaring this latter rule set gives you a hook
into the start of check_relay, which means your rules are applied before the default
rules.
One way to use Local_check_relay might be to list offensive sites in a database and
reject any connections from those sites.* Consider a database that contains hostnames
or addresses as its keys and descriptions of each host's offense as its values:
hostA.edu Spamming site
hostB.com Mail Bombing site
123.45.6 Offensive domain
IPv6:2002:c0a8:51d2::23f4 Offending host
Notice that the keys can be hostnames, or IPv4 or IPv6 addresses. Such a database
might be declared in the configuration file like this:
LOCAL_CONFIG
Kbadhosts dbm -a<> /etc/mail/badhosts
Now, each time a site connects to your running daemon, the following rule set will
be called:
SLocal_check_relay
R $* $| $*		$: $(badhosts $1 $) $| $2	look up hostname
R $*<> $| $*		$#error $@ 5.1.3 $: 550 Sorry, $1 denied
R $* $| $*		$: $2				select the IP address
R $-.$-.$-.
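
The lookup logic of this rule set, modeled in Python as an added example (not code from the book). The map entries are the four from the text; the function names are hypothetical, and the address handling past the rules shown (an IPv4 address tried whole, then with trailing octets dropped) is an assumption.

```python
# Constructed sample: the four entries from the text, stored as key -> value.
# Keys are lowercase because makemap folds keys to lowercase unless -f is given.
BADHOSTS = {
    "hosta.edu": "Spamming site",
    "hostb.com": "Mail Bombing site",
    "123.45.6": "Offensive domain",
    "ipv6:2002:c0a8:51d2::23f4": "Offending host",
}


def map_lookup(key, db=BADHOSTS):
    """Model of $(badhosts key $) for a map declared with -a<>.

    A hit returns the value with "<>" appended; a miss returns the key
    unchanged. The "<>" marker is the only thing that tells the two apart.
    """
    value = db.get(key.lower())  # lookups fold the key to lowercase too
    return value + "<>" if value is not None else key


def candidates(address):
    """Keys tried for a client address.

    ASSUMPTION: an IPv4 address is tried whole and then with trailing octets
    dropped, so a network key such as 123.45.6 can match. IPv6 is tried as is.
    """
    if address.lower().startswith("ipv6:"):
        return [address]
    octets = address.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]


def local_check_relay(hostname, address, db=BADHOSTS):
    """Return the SMTP rejection text, or None to fall through to check_relay."""
    for key in [hostname] + candidates(address):  # hostname first, as in the rules
        result = map_lookup(key, db)
        if result.endswith("<>"):  # corresponds to the LHS  $*<> $| $*
            return "550 Sorry, %s denied" % result[:-2]
    return None
```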