Georgi Alexandrov wrote:
Lucky Leavell wrote:
OS: SuSE 9.3 Pro
I work with a small ISP and we are encountering with increasing
frequency Windows machines which have been compromised and apparently
being used as spambots based on their attempted connection to port 25
of foreign hosts instead on using our mail server for outgoing mail.
With allowance for legitimate exceptions, could we simply disallow
port 25 connections from within our networks to any but our mail
servers?
Yes, something like that:
iptables -A FORWARD -p tcp -s $our_networks -d !
$our_mail_server_ip_addr --dport 25 -j DROP
Or, if you have multiple mail servers, something like that:
iptables -A FORWARD -p tcp -s $our_networks -d $first_mail_server
--dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s $our_networks -d $second_mail_server
--dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s $our_networks -d $third_mail_server
--dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s $our_networks --dport 25 -j DROP
(We run all outgoing -as well as incoming- mail thru
amavis/clamav/spamassassin.)
Any other thoughts or links to resources?
Thank you,
Lucky
regards,
Georgi Alexandrov
