Nataraj wrote:
On Wed, 2008-03-26 at 11:14 -0400, Rodolfo Alcazar Portillo wrote:
Am Mittwoch, den 26.03.2008, 23:59 +0900 schrieb John Summerfield:
I use postfix; I can do this:
[root@xxxxxxxxxxxxx sysconfig]# tail /etc/postfix/header_checks
/^Received.*UNITED.CO.UK/ REJECT No thanks
/^Received.*HAPPYGROUP.CO.UK/ REJECT No thanks
/^Received:.*ceres.concept.net.nz/ REJECT Bloody twits
/^Received:.*dizinc.com/ REJECT No thanks
/CentOS-announce Digest/ REJECT I don't want these
/yourshopineu/ REJECT Bloody spammer
Ok, the problem is that the content is really random... I tried to found
common words:
Postfix has extensive features for dealing with these types of mail
attacks including all kinds of rate limiting for number of connections
from servers, blocking connections from servers with improper dns
entries, calling various hooks to other spam control mechanisms. If a
server connects and trys to send mail to non-existant users or other
failure, this counts as an error. You can rate limit the number of
errors allowed from a particular server attempting delivery, then
iptables does rate-limiting too, and (possibly) one can be more selective.
First, rules to accept known good guys.
Second, rules to accept some number/hour from the rest.
Third, rules to log and drop the rest.
Keep a careful eye on the results, you might want to extend the good
guys list.
This drops around 90% of ssh connexions that get to the box:
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m limit
--limit 5/hour -j LOG --log-prefix "SSH connexion "
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m limit
--limit 5/hour -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j LOG --log-prefix "SSH
connexion attack dropped "
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP
There are prior rules to allow more likely locations, where I might be
found.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list