use fail2ban to block some abusive smtp clients on our MXs (re: RT#7515)

[mirror/dsa-puppet.git] / modules / exim / manifests / mx.pp

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index dce0358..42604eb 100644 (file)
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -1,6 +1,7 @@
 class exim::mx inherits exim {
        include clamav
        include postgrey
+       include fail2ban::exim
 
        file { '/etc/exim4/ccTLD.txt':
                source => 'puppet:///modules/exim/common/ccTLD.txt',
@@ -17,10 +18,13 @@ class exim::mx inherits exim {
        #  188.165.219.27
        #  125.72.232.*
        #  140.224.61.*
-       #  117.24.38.*
+       #  117.24.36.0/22
+       #  115.235.157.28
+       #  113.110.47.180
+       #  121.226.141.*
        @ferm::rule { 'dsa-mail-abusers':
                prio  => "000",
-               rule  => "saddr (188.165.219.27 125.72.232.0/24 140.224.61.0/24 117.24.38.0/24) DROP",
+               rule  => "saddr (188.165.219.27 125.72.232.0/24 140.224.61.0/24 117.24.38.0/22 115.235.157.28 113.110.47.180 121.226.141.0/24) DROP",
        }
 
        # MXs used as smarthosts