X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=dce03586f0ed168b2211bc14d161e60fd8f53204;hb=4658098c84ab6b11f6419fee7cc0e70f7eeb25df;hp=2ef980b7939af7df5751542384e4a756fb9b816d;hpb=6fc846c125d25ba5da2e7e5c668ef338edd63700;p=mirror%2Fdsa-puppet.git

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index 2ef980b79..dce03586f 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -13,6 +13,16 @@ class exim::mx inherits exim {
 		notify  => Service['exim4'],
 	}
 
+	# 20181010 many connections:
+	#  188.165.219.27
+	#  125.72.232.*
+	#  140.224.61.*
+	#  117.24.38.*
+	@ferm::rule { 'dsa-mail-abusers':
+		prio  => "000",
+		rule  => "saddr (188.165.219.27 125.72.232.0/24 140.224.61.0/24 117.24.38.0/24) DROP",
+	}
+
 	# MXs used as smarthosts
 	@ferm::rule { 'dsa-exim-submission':
 		description => 'Allow SMTP',
@@ -42,7 +52,5 @@ class exim::mx inherits exim {
 				| EOF
 		}
 	}
-	file { '/etc/cron.d/dsa-email-virtualdomains':
-		ensure => absent,
-	}
+	file { '/etc/cron.d/dsa-email-virtualdomains': ensure => absent, }
 }