ip-port.torhosts.nighteffect.us and exim
I've been looking into how to use this with Exim4. I just thought I'd
share it here for the benefit of the archives.

    warn dnslists = $interface_port.${sg{$interface_address}{\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}{\$4\.\$3\.\$2\.\$1}}.ip-port.torhosts.nighteffect.us
         log_message = This connection is coming from a tor node that allows exiting to this ip/port combination

The ACL simply logs the connection; it doesn't perform a rejection, add
a header to the message, or anything else. That part is left to
the reader or the exim users mailing list.

It was made slightly more difficult to use by the fact that I had to
reverse the 4 octets of the IP address of the host being connected to. I
understand why this was done though and agree with it.

Just out of interest, why do lookups that return positive results take
such a long time? This is what I typically get:

    server:~# time host 20.136.234.85.109.123.123.123.123.ip-port.torhosts.nighteffect.us
    20.136.234.85.109.123.123.123.123.ip-port.torhosts.nighteffect.us has address 127.0.0.2
    Host 20.136.234.85.109.123.123.123.123.ip-port.torhosts.nighteffect.us not found: 2(SERVFAIL)
    Host 20.136.234.85.109.123.123.123.123.ip-port.torhosts.nighteffect.us not found: 2(SERVFAIL)

    real 0m23.451s
    user 0m0.030s
    sys 0m0.010s

The first line of response is pretty quick, then there are long delays
before each SERVFAIL...

If the lookup returns an NXDOMAIN, there are no SERVFAILs so the lookups
are much faster. I'm not a DNS expert so I'm not sure what is happening
that causes the SERVFAILs...

Thanks,
Mike
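
Added example, not part of the original message: a Python sketch that builds the same query name the ACL produces and classifies `host` output like the transcript above, so a positive answer followed by SERVFAIL lines still counts as a listing. It assumes the name layout inferred from the post (reversed client IP, port, reversed local IP, zone; Exim's dnslists prepends the reversed client address itself); the function names and sample addresses are illustrative.

```python
import ipaddress
import re

ZONE = "ip-port.torhosts.nighteffect.us"  # zone name taken from the post

def reverse_ipv4(addr):
    """Return an IPv4 address with its octets reversed; ValueError for anything else."""
    ip = ipaddress.IPv4Address(addr)
    return ".".join(reversed(str(ip).split(".")))

def query_name(client_ip, local_port, local_ip, zone=ZONE):
    """Build <reversed client>.<port>.<reversed local IP>.<zone> (layout assumed from the post)."""
    port = int(local_port)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {local_port!r}")
    return f"{reverse_ipv4(client_ip)}.{port}.{reverse_ipv4(local_ip)}.{zone}"

def classify(host_output):
    """Classify `host` output as 'listed', 'not-listed' or 'error'.

    An A record in 127.0.0.0/8 is decisive even when later lines report
    SERVFAIL, as in the transcript in the post. Anything that is not a clean
    NXDOMAIN is reported as 'error' rather than silently treated as a miss.
    """
    rcodes = set()
    for line in host_output.splitlines():
        m = re.search(r" has address (\S+)$", line)
        if m and ipaddress.IPv4Address(m.group(1)).is_loopback:
            return "listed"
        m = re.search(r" not found: \d+\((\w+)\)$", line)
        if m:
            rcodes.add(m.group(1))
    return "not-listed" if rcodes == {"NXDOMAIN"} else "error"

# Sample rebuilt from the transcript in the post (same name, same three lines).
NAME = query_name("85.234.136.20", 109, "123.123.123.123")
SAMPLE = (
    f"{NAME} has address 127.0.0.2\n"
    f"Host {NAME} not found: 2(SERVFAIL)\n"
    f"Host {NAME} not found: 2(SERVFAIL)\n"
)

if __name__ == "__main__":
    print(NAME)
    print(classify(SAMPLE))
```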