Lucky Leavell wrote:
OS: SuSE 9.3 Pro
I work with a small ISP and we are encountering with increasing frequency
Windows machines which have been compromised and apparently being used as
spambots based on their attempted connection to port 25 of foreign hosts
instead on using our mail server for outgoing mail.
With allowance for legitimate exceptions, could we simply disallow port 25
connections from within our networks to any but our mail servers?
Yes, something like that:
iptables -A FORWARD -p tcp -s $our_networks -d !
$our_mail_server_ip_addr --dport 25 -j DROP
(We run
all outgoing -as well as incoming- mail thru amavis/clamav/spamassassin.)
Any other thoughts or links to resources?
Thank you,
Lucky