From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 10 Oct 2018 08:15:41 +0000 (+0200)
Subject: netfilter DROP traffic from some mail abusers
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=4658098c84ab6b11f6419fee7cc0e70f7eeb25df;p=mirror%2Fdsa-puppet.git

netfilter DROP traffic from some mail abusers
---

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index cddf405ce..dce03586f 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -13,6 +13,16 @@ class exim::mx inherits exim {
 		notify  => Service['exim4'],
 	}
 
+	# 20181010 many connections:
+	#  188.165.219.27
+	#  125.72.232.*
+	#  140.224.61.*
+	#  117.24.38.*
+	@ferm::rule { 'dsa-mail-abusers':
+		prio  => "000",
+		rule  => "saddr (188.165.219.27 125.72.232.0/24 140.224.61.0/24 117.24.38.0/24) DROP",
+	}
+
 	# MXs used as smarthosts
 	@ferm::rule { 'dsa-exim-submission':
 		description => 'Allow SMTP',