Dear all,

I'm looking at making a copy of exim run on our site firewall, intercepting all attempts (from outside) to contact port 25 for every internal host. There are several reasons for doing this.

First off, we don't publish MX records for everything inside Aber, but some people manage to quote their addresses wrong (e.g. doing [EMAIL PROTECTED] rather than [EMAIL PROTECTED]). When they do this it results in mail getting stuck at the other end as the remote server tries repeatedly to talk to a closed port. Having a dummy exim sitting on port 25 for our entire network allows me to bounce these messages immediately.

Secondly, doing this I can maintain a blacklist of portscanning machines and machines that are trying to use us as an open relay.

Finally I can tarpit the same machines.

The firewall is a Linux box and I've told it to redirect port 25 traffic to port 25 on the local host. This works and I can connect in. What I'm after is a way of determining which IP address the connecting machine was trying to talk to. $interface_address returns the address of the interface the request came in on, but that's different from the address that was being contacted.

So... what I need is either a variable that identifies the incoming IP address (rather than that of the interface the data came in on) or to get a handle on the incoming socket so that I can call getsockname (or rather its iptables NAT equivalent) on it. If I have to do this latter option, I'd like to do this in perl called from an ACL function - I really don't want to go patching the source and creating a maintenance job for myself.

Anyone have any ideas?

Cheers,
Alun.

--
Alun Jones [EMAIL PROTECTED]
Systems Support, (01970) 62 2494
Information Services, University of Wales, Aberystwyth

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
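The lookup the post asks for (the iptables NAT equivalent of getsockname), as an added example that is not part of the original message: on Linux, connection tracking keeps the pre-NAT destination of a redirected connection, and getsockopt with SO_ORIGINAL_DST returns it. It assumes IPv4; the function names and port 2525 are hypothetical.

```python
import socket
import struct

# SO_ORIGINAL_DST as defined in <linux/netfilter_ipv4.h>; Python's socket
# module does not export the constant.
SO_ORIGINAL_DST = 80
SOCKADDR_IN_LEN = 16  # sizeof(struct sockaddr_in)


def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in into (dotted-quad address, port)."""
    if len(raw) < 8:
        raise ValueError("buffer too short for sockaddr_in")
    family = struct.unpack_from("=H", raw, 0)[0]  # sin_family: host byte order
    port = struct.unpack_from("!H", raw, 2)[0]    # sin_port: network byte order
    if family != socket.AF_INET:
        raise ValueError("not an AF_INET address (family %d)" % family)
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn):
    """Address the client dialled before REDIRECT/DNAT rewrote it.

    Returns None when the kernel has no connection-tracking entry for
    the socket (for example, conntrack is not loaded). For a connection
    that was not rewritten, the result matches conn.getsockname().
    """
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    except OSError:
        return None
    return parse_sockaddr_in(raw)


if __name__ == "__main__":
    # Port 2525 is a constructed value; the REDIRECT rule must point at it.
    with socket.create_server(("0.0.0.0", 2525)) as listener:
        while True:
            conn, peer = listener.accept()
            with conn:
                print("peer=%s local=%s original=%s"
                      % (peer, conn.getsockname(), original_dst(conn)))
```

The socket passed to `original_dst` must be the accepted connection itself, not the listening socket, because the conntrack entry is looked up from the connection's own address pair.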
