<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content=text/html;charset=iso-8859-1>
<META content="MSHTML 6.00.6000.17063" name=GENERATOR></HEAD>
<BODY id=MailContainerBody
style="PADDING-RIGHT: 10px; PADDING-LEFT: 10px; PADDING-TOP: 15px"
bgColor=#ffffff leftMargin=0 topMargin=0>
<DIV><B>From:</B> <A title="mailto:chuck@tetlow.net"
href="mailto:chuck@tetlow.net">Chuck Tetlow</A> </DIV>
<DIV style="FONT: 10pt Tahoma">
<DIV style="BACKGROUND: #f5f5f5">
<DIV><B>Sent:</B> Thursday, June 17, 2010 1:10 PM</DIV>
<DIV><B>To:</B> <A title=blueonyx@blueonyx.it
href="mailto:blueonyx@blueonyx.it">BlueOnyx General Mailing List</A> </DIV>
<DIV><B>Subject:</B> [BlueOnyx:04765] Re: /tec/mail/access</DIV></DIV></DIV>
<DIV><BR></DIV>We
used a Linux-based appliance from Roaring Penguin to filter all incoming e-mail
for spam and viruses. I lock our BX servers down to only accept TCP port 25
connections from our internal networks and that appliance by using the iptables
firewall. <BR><BR>Put these rules in your iptables configuration file
(/etc/sysconfig/iptables), right up at the top under the INPUT and OUTPUT rules:
<PRE>
-A acctin -m state --state NEW -p tcp -s 216.x.x.x/24 --dport 25 -j ACCEPT
-A acctin -m state --state NEW -p tcp -s 10.0.0.0/8 --dport 25 -j ACCEPT
-A acctin -m state --state NEW -p tcp -s 172.16.32.0/16 --dport 25 -j ACCEPT
-A acctin -m state --state NEW -p tcp -s 192.168.0.0/16 --dport 25 -j ACCEPT
-A acctin -m state --state NEW -p tcp --dport 25 -j LOG --log-prefix "E-Mail Connect "
-A acctin -m state --state NEW -p tcp --dport 25 -j DROP
</PRE>
Obviously replace the first line with your own local network IPs or your
filtering appliance IP. The next three are for our internal network IPs,
so client PCs can send through the server. The second-to-last logs the
connection (so I can get some stats on who's trying and how much). And the
last line prevents any SMTP connection from an IP not allowed above. This
stops all the scumbag spammers who use scripts to hit large numbers of IP
addresses. <BR><BR>Reload the firewall rules with "service iptables restart" to
activate the new rules. And stop any changes to that file by locking it
with "chattr +i /etc/sysconfig/iptables" (this sets the immutable bit and not
even root can modify the file after that). To edit the file later - don't
forget to unlock it with "chattr -i /etc/sysconfig/iptables". <BR><BR>My only
problem - the BX watchdog scripts keep screwing it up and changing the firewall
rules. So I've got to reload every once in a while - to keep these and
other custom rules effective. Wish I could stop that.... Any ideas
Michael?? <BR><BR>Chuck <BR><BR><FONT size=2><BR><B>---------- Original Message
-----------</B> <BR>From: "David Booth" &lt;david@goulburn.net.au&gt; <BR>To:
&lt;blueonyx@blueonyx.it&gt; <BR>Sent: Thu, 17 Jun 2010 12:42:36 +1000
<BR>Subject: [BlueOnyx:04764] /tec/mail/access <BR><BR>> <FONT
face=Arial size=2>I RELAY from specific ip addresses and OK mail for local users
from a specific source.</FONT> <BR>> <FONT face=Arial size=2>How can I best
REJECT or DISCARD mail from ALL other sources?</FONT><FONT face=Arial
size=2> <BR>> <BR>> ___________________________ <BR>> David Booth
<BR>> Goulburn Internet <BR>> <BR>> 1300 918804</FONT>
<BR><B>------- End of Original Message -------</B> <BR></FONT>
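<P>Added example, not Chuck's rules and not anything shipped with BlueOnyx: a POSIX shell script that generates the same allow/log/drop block for port 25 from a list of trusted networks, and, going one step beyond the post, a check that reads a rules file (/etc/sysconfig/iptables or the output of iptables-save) and reports whether the lockdown is still intact, which is one way to notice when the watchdog has rewritten the file. The chain name acctin and the log prefix are taken from the post; the network list is constructed, with 203.0.113.0/24 standing in for the appliance's real /24, and the function names are my own.</P>

```shell
#!/bin/sh
# Added example, not code from the thread or from BlueOnyx. Generates the
# port-25 allow/log/drop block for a list of trusted networks and checks
# that a rules file still enforces it, so a rewritten firewall config is
# noticed rather than silently leaving SMTP open to everyone again.

# Chain name and log prefix come from the post. The network list is
# constructed: 203.0.113.0/24 stands in for the filtering appliance's /24,
# followed by the RFC 1918 ranges used by internal client PCs.
SMTP_CHAIN="acctin"
SMTP_LOG_PREFIX="E-Mail Connect "
SMTP_ALLOWED_NETS="203.0.113.0/24 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# gen_smtp_rules: print the rules in the order iptables evaluates them:
# one ACCEPT per trusted source, then LOG, then DROP for everything else.
gen_smtp_rules() {
    for net in $SMTP_ALLOWED_NETS; do
        printf -- '-A %s -m state --state NEW -p tcp -s %s --dport 25 -j ACCEPT\n' \
            "$SMTP_CHAIN" "$net"
    done
    printf -- '-A %s -m state --state NEW -p tcp --dport 25 -j LOG --log-prefix "%s"\n' \
        "$SMTP_CHAIN" "$SMTP_LOG_PREFIX"
    printf -- '-A %s -m state --state NEW -p tcp --dport 25 -j DROP\n' "$SMTP_CHAIN"
}

# check_smtp_rules FILE: read FILE (/etc/sysconfig/iptables or iptables-save
# output) and verify the lockdown: every port-25 ACCEPT in the chain names a
# source network, a port-25 DROP exists, and no port-25 rule follows the
# DROP (where it would never be reached). Prints each problem found and
# returns 1 on drift, 0 when the lockdown is intact.
check_smtp_rules() {
    awk -v chain="$SMTP_CHAIN" '
        $1 == "-A" && $2 == chain {
            target = ""; dport = ""; has_src = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-s") has_src = 1
            }
            if (dport != "25") next
            seen = 1
            if (target == "ACCEPT" && !has_src) {
                print "line " NR ": ACCEPT for port 25 without a source network"; bad = 1
            }
            if (drop_line && target != "DROP") {
                print "line " NR ": " target " for port 25 after the DROP on line " drop_line; bad = 1
            }
            if (target == "DROP") drop_line = NR
        }
        END {
            if (!seen) { print "no port-25 rules in chain " chain; bad = 1 }
            else if (!drop_line) { print "no DROP for port 25 in chain " chain; bad = 1 }
            exit bad ? 1 : 0
        }' "$1"
}

# Stand-alone demo on two constructed files; neither is a real BlueOnyx config.
intact=$(mktemp); drifted=$(mktemp)
{ echo "-A $SMTP_CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"; gen_smtp_rules; } > "$intact"
# A rewritten file that accepts port 25 from anywhere ahead of the old block.
{ echo "-A $SMTP_CHAIN -m state --state NEW -p tcp --dport 25 -j ACCEPT"; gen_smtp_rules; } > "$drifted"
check_smtp_rules "$intact" && echo "intact file: lockdown in place"
check_smtp_rules "$drifted" || echo "drifted file: lockdown broken"
rm -f "$intact" "$drifted"
```

<P>Run as-is it only exercises the two constructed files. To watch a live box, point check_smtp_rules at a file written by iptables-save from cron and alert on a non-zero exit; gen_smtp_rules gives you the block to paste back (or to feed to iptables-restore) once you have unlocked the config with chattr -i.</P>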
<P>
<DIV><FONT face=Arial size=2>Thanks Chuck. Excellent. That's just what I need to
do.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I found putting To: DISCARD in /etc/mail/access
doesn't work. I guess nothing matches nothing, not everything.</FONT></DIV>
<DIV><FONT face=Arial size=2>So iptables is it. Best anyway, but for the
possible interference of watchdog.</FONT></DIV>
<DIV><FONT face=Arial size=2>I have Compassnetworks firewall - ports on or off.
I will have to watch and do my own barking if my additions get
overwritten.</FONT></DIV></BODY></HTML>