Hello,
I´m using iptables on a gateway for a lot of computers. I want to
block spam that goes out through the gateway, namely, I want to block
certain traffic to dport 25.
Scanning the contents of the emails is not an option, so I need some
kind of rules that say something like "If ip-adress X sends more than
Y emails within Z minutes, that ip will be logged and blocked from
sending mail for C hours, and if the sending persists for D minutes,
log that too".
I´ve googled my problem but have been unable to find much. I don´t
expect a complete solution, just suggestions and hints. Although, a
complete solution would be nice to study and learn from, if someone
here is able to do it.
Maybe logging how many emails is impossible. If so, what is the best
solution you can think of that doesn´t involve scanning the contents?
I found this but I don´t understand how it does what he says it does.
- http://marti.dimerge.net/blog/tag/ipt_recent :
modprobe ipt_recent ip_list_tot=32 #ip_list_tot - defines the size of
ip_recent file
iptables -A FORWARD -p tcp –dport 25 -m recent –name SMTP –seconds 30 –
update -j DROP
iptables -A FORWARD -p tcp –dport 25 -m limit –limit 1/second –limit-
burst 5 -j LOG –log-level info –log-prefix “smtp-log ”
iptables -A FORWARD -p tcp –dport 25 -m recent –name SMTP –set -j ACCEPT
If this is the wrong list and I should look for help somewhere else,
please say so.
Kind regards, stromberg--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
