[BlueOnyx:04765] Re: /tec/mail/access

Chuck Tetlow chuck at tetlow.net
Wed Jun 16 22:10:43 -05 2010


We used a Linux based appliance from Roaring Penguin to filter all incoming e-mail for SPAM and viruses.  I lock our BX servers down to only accept TCP Port 25 connections from our internal networks and that appliance by using the IP Tables firewall.

Put these rules in your IP Tables configuration file (/etc/sysconfig/iptables), right up at the top under the INPUT and OUTPUT rules:

-A acctin -m state --state NEW -p tcp -s 216.x.x.x/24 --dport 25 -j ACCEPT
-A acctin -m state --state NEW -p tcp -s 10.0.0.0/8 --dport 25 -j ACCEPT
-A acctin -m state --state NEW -p tcp -s 172.16.32.0/16 --dport 25 -j ACCEPT
-A acctin -m state --state NEW -p tcp -s 192.168.0.0/16 --dport 25 -j ACCEPT
-A acctin -m state --state NEW -p tcp --dport 25 -j LOG --log-prefix "E-Mail Connect "
-A acctin -m state --state NEW -p tcp --dport 25 -j DROP

Obviously replace the first line with your own local network IPs or your filtering appliance IP.  The next three are for our internal network IPs, so client PCs can send through the server.  The second-to-last logs the connection (so I can get some stats on who's trying and how much).  And the last line prevents any SMTP connection from an IP not allowed above.  This stops all the scumbag SPAMMERS who use scripts to hit large numbers of IP addresses.

Reload the firewall rules with "service iptables restart" to activate the new rules.  And stop any changes to that file by locking it with "chattr +i /etc/sysconfig/iptables" (this sets the immutable bit and not even root can modify the file after that).  To edit the file later - don't forget to unlock it with "chattr -i /etc/sysconfig/iptables".

My only problem - the BX watchdog scripts keep screwing it up and changing the firewall rules.  So I've got to reload every once in a while - to keep these and other custom rules effective.  Wish I could stop that....  Any ideas, Michael?

Chuck

---------- Original Message -----------
From: "David Booth" <david at goulburn.net.au> 
To: <blueonyx at blueonyx.it> 
Sent: Thu, 17 Jun 2010 12:42:36 +1000 
Subject: [BlueOnyx:04764]  /tec/mail/access

> I RELAY from specific ip addresses and OK mail for local users from a specific source.
> How can I best REJECT or DISCARD mail from ALL other sources?
> 
> ___________________________
> David Booth
> Goulburn Internet
>  
> 1300 918804
------- End of Original Message -------
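Added example, not from this thread or from BlueOnyx: a Python script that turns the kernel log lines written by the "E-Mail Connect " rule above into the per-source stats Chuck mentions, and also flags any logged source that sits inside one of the allowed networks, which is the symptom of the ACCEPT rules having been pushed out of the chain (the watchdog problem). The hostnames, log lines and 203.0.113.0/24 (standing in for the 216.x.x.x/24 placeholder) are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Networks the ACCEPT rules admit; 203.0.113.0/24 stands in for the post's
# "216.x.x.x/24".  strict=False masks host bits exactly as iptables does,
# so the post's 172.16.32.0/16 means 172.16.0.0/16.
ALLOWED_NETS = [ip_network(n, strict=False) for n in (
    "203.0.113.0/24", "10.0.0.0/8", "172.16.32.0/16", "192.168.0.0/16")]

# A kernel LOG line written by the 'E-Mail Connect ' rule.
LOG_RE = re.compile(
    r'E-Mail Connect .*?\bSRC=(?P<src>\d{1,3}(?:\.\d{1,3}){3}).*?\bDPT=(?P<dpt>\d+)')

def is_allowed(src):
    """True if src is inside a network the ACCEPT rules admit."""
    addr = ip_address(src)
    return any(addr in net for net in ALLOWED_NETS)

def summarize(lines):
    """Count blocked SMTP connects per source.  Every LOG hit is a connect the
    ACCEPT rules did not admit, so a logged source inside ALLOWED_NETS means
    those rules are no longer ahead of the LOG/DROP pair (chain was rewritten)."""
    blocked = Counter()
    misplaced = set()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m.group("dpt") != "25":
            continue  # other kernel message, or not SMTP
        src = m.group("src")
        blocked[src] += 1
        if is_allowed(src):
            misplaced.add(src)
    return blocked, sorted(misplaced)

# Constructed sample syslog lines (not real traffic), in iptables LOG format.
SAMPLE_LOG = """\
Jun 16 22:10:43 bx kernel: E-Mail Connect IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=51022 DPT=25 SYN
Jun 16 22:10:44 bx kernel: E-Mail Connect IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=51023 DPT=25 SYN
Jun 16 22:11:01 bx kernel: E-Mail Connect IN=eth0 OUT= SRC=192.0.2.9 DST=203.0.113.20 PROTO=TCP SPT=40001 DPT=25 SYN
Jun 16 22:11:09 bx kernel: eth0: link is up
Jun 16 22:12:30 bx kernel: E-Mail Connect IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=51024 DPT=25 SYN
Jun 16 22:13:00 bx kernel: E-Mail Connect IN=eth1 OUT= SRC=10.1.2.3 DST=203.0.113.20 PROTO=TCP SPT=33000 DPT=25 SYN
""".splitlines()

if __name__ == "__main__":
    counts, misplaced = summarize(SAMPLE_LOG)
    for src, n in counts.most_common():
        print(f"{n:6d}  {src}")
    print("logged sources inside allowed nets (ACCEPT rules missing?):", misplaced)
```

On a live box, feed it the kernel log instead of SAMPLE_LOG; a non-empty "misplaced" list is the cue to reload the rules.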
 