I have a server with 5 IPs and a lot of domains hosted in the panel. The domains are equally distributed among the available IPs.
I am trying to create a function in the exim4 config to allow the usage of the web domain IP as the outbound interface IP. That way, if a domain is infected and starts to send spam, when the IP is added to a blacklist it will only affect the other domains allocated to that IP, leaving the rest of the domains untouched. It's like a way to minimize the impact of an email spam attack. Of course I also have a few extra rules to avoid a hack, but no rule is 100% effective regarding hackers.
What do you think about it?
Do you have any hint on how to achieve that?
Just in case someone needs this functionality, this is how I resolved it:
I made the following script that creates a file with a domain: ip mapping:
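#!/bin/bash -l
DEFAULT_IP=178.238.238.233
EXIM_DOMAIN_IPS_FILE=/etc/exim4/domainips
HESTIA_USERS_DATA_DIR=/usr/local/hestia/data/users

# First the default IP
echo "*: $DEFAULT_IP" > "$EXIM_DOMAIN_IPS_FILE"

# Then search for web domains and extract the IP
for USER_DATA_DIR in "$HESTIA_USERS_DATA_DIR"/*
do
    # Skip users that have no web.conf
    [ -f "$USER_DATA_DIR/web.conf" ] || continue
    while IFS="" read -r line || [ -n "$line" ]
    do
        # eval runs the line as shell code to set DOMAIN and IP,
        # so web.conf must be writable by root only
        DOMAIN="" IP=""
        eval "$line"
        # Only write complete entries
        [ -n "$DOMAIN" ] && [ -n "$IP" ] && echo "$DOMAIN: $IP" >> "$EXIM_DOMAIN_IPS_FILE"
    done < "$USER_DATA_DIR/web.conf"
done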
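An added example, not part of the original post or of Hestia's own code: the same map built without `eval`, which executes every web.conf line as shell code when the script runs as root. It extracts only DOMAIN and IP and validates both before emitting an entry; the function names and sample lines are constructed, and it assumes web.conf lines are space-separated KEY='value' pairs.

```shell
# Added example: build the "domain: ip" map from KEY='value' lines without eval.

# Print the value of KEY ($1) found in LINE ($2); prints nothing if absent.
kv_get() {
    needle=" $1='"
    rest=" $2"
    case $rest in *"$needle"*) ;; *) return 0 ;; esac
    rest=${rest#*"$needle"}
    rest=${rest%%\'*}
    printf '%s' "$rest"
}

# Hostname characters only: rejects "*", ":", spaces and shell metacharacters.
valid_domain() {
    case $1 in ''|[.-]*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# Dotted quad with every octet in 0..255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print "domain: ip" for one web.conf line, or fail if either value is invalid.
map_line() {
    domain=$(kv_get DOMAIN "$1")
    ip=$(kv_get IP "$1")
    valid_domain "$domain" && valid_ipv4 "$ip" || return 1
    printf '%s: %s\n' "$domain" "$ip"
}

# Read web.conf lines on stdin; print the default entry, then one per domain.
build_map() {
    valid_ipv4 "$1" || return 1
    printf '*: %s\n' "$1"
    while IFS= read -r line || [ -n "$line" ]; do
        map_line "$line" || printf 'skipped: %s\n' "$line" >&2
    done
}
# Constructed sample input; the last two lines must not reach the map.
SAMPLE="DOMAIN='shop.example' IP='192.0.2.10' TPL='default'
DOMAIN='blog.example' IP6='' IP='192.0.2.11'
DOMAIN='odd.example' IP='\$(id)' TPL='default'
DOMAIN='*' IP='192.0.2.12' TPL='default'"
printf '%s\n' "$SAMPLE" | build_map 192.0.2.1
```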
A mapping like this as default, if there are multiple IPs on the system, totally makes sense. I guess if implemented directly with the mail-stack, there should be no need for a cron-script at all.
I suggest
# First the default ip
hostname -I | { read -r default others; echo "*: $default"; } > "$EXIM_DOMAIN_IPS_FILE"
to avoid hardcoded IP in the script.