Linode Community Forums
 


Blocking SMTP connection automatically


 
       Linode.com Forum Forum Index -> Email/SMTP Related Forum
Author Message
komy



Joined: 13 Aug 2003
Posts: 27

Posted: Sun Feb 27, 2005 12:23 pm    Post subject: Blocking SMTP connection automatically  

Hi,

I am running exim on my Linode and I am seeing a lot of spammers trying to send emails to non-existing addresses, and some are trying to send many emails at a time.

I am wondering, in general, is there any way that I can automatically block such bad IPs' SMTP connections from iptables? I.e., automatically create an iptables rule on the mail port when XX bad connections on exim are found.

Thanks for help.

Kevin
SteveG



Joined: 30 Nov 2003
Posts: 220

Posted: Sun Feb 27, 2005 3:54 pm    Post subject:  

Yes, you can. Google for "iptables automatic rules" and variants, and you'll turn up scripts that you can use or adapt.

As a side note, are you already using a DNS Blacklist? If not, start: it will help a lot with this kind of stuff, possibly to the point where you don't feel the need for your own. Spamhaus (www.spamhaus.org) runs a good one, but there are dozens.
pclissold



Joined: 24 Oct 2003
Posts: 471
Location: Netherlands

Posted: Sun Feb 27, 2005 4:52 pm    Post subject:  

spamhaus.org and spamcop.net together take care of 90% of this crap.

I stop a lot of the rest by rejecting connections from IP addresses for which I cannot successfully look up the host name. You have to whitelist this if you have legitimate senders who cannot / will not set up their mail systems correctly.

Auto-written firewall rules can leave you vulnerable to a DoS attack using forged IP headers unless the 'rules for writing the rules' are chosen very carefully.
komy



Joined: 13 Aug 2003
Posts: 27

Posted: Sun Feb 27, 2005 10:17 pm    Post subject:  

Thanks for all the suggestions... and yes, I am already using multiple DNS blacklists on my Linode. Even with the blacklist, I still see a lot of connections trying to send email to non-existing accounts. I already have a setting to bounce all those emails, but just want to see if there is any easy way to drop those connections on the iptables layer as well.

Thanks,
Kevin
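
An added example, not code from any poster in this thread: one way to turn rejected-recipient log entries into candidate iptables rules while keeping the "rules for writing the rules" tight (peer IP taken only from a fixed position, an allowlist, a time window and a cap on rule count). The log line shape, the policy values, the allowlisted network and all function names are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Exim log shape: "<date> <time> H=[name ](helo) [ip] ... rejected RCPT ...".
# The (helo) text is client-supplied, so the peer IP is anchored after it.
REJECT = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) H=(?:[^\s(\[]\S* )?(?:\(\S*\) )?"
                    r"\[(\d{1,3}(?:\.\d{1,3}){3})\](?::\d+)? .*rejected RCPT ")
THRESHOLD, WINDOW, MAX_RULES = 3, timedelta(minutes=10), 100  # hypothetical policy
ALLOW = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "198.51.100.0/24")]  # never block

def offenders(lines):
    """IPs with THRESHOLD rejected RCPTs inside WINDOW, allowlist excluded."""
    seen, flagged = defaultdict(list), []
    for line in lines:
        m = REJECT.match(line)
        if not m:                   # unknown shape: ignore rather than guess
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(2))
        except ValueError:          # e.g. 999.1.1.1 never reaches a firewall command
            continue
        if any(ip in net for net in ALLOW):
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        seen[ip] = [t for t in seen[ip] if ts - t <= WINDOW] + [ts]
        if len(seen[ip]) >= THRESHOLD and ip not in flagged and len(flagged) < MAX_RULES:
            flagged.append(ip)
    return flagged

def block_commands(ips):
    """Render rules for review; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP" for ip in ips]

TAIL = "F=<a@example.net> rejected RCPT <nobody@example.org>: Unknown user"
SAMPLE_LOG = [  # constructed lines, not real traffic
    f"2005-02-27 12:00:01 H=(mail.example.net) [203.0.113.9] {TAIL}",
    f"2005-02-27 12:00:03 H=(mail.example.net) [203.0.113.9] {TAIL}",
    f"2005-02-27 12:00:05 H=([198.51.100.7]) [203.0.113.9] {TAIL}",    # HELO literal ignored
    f"2005-02-27 12:01:00 H=relay.example.org [198.51.100.7] {TAIL}",  # allowlisted
    f"2005-02-27 12:01:01 H=relay.example.org [198.51.100.7] {TAIL}",
    f"2005-02-27 12:01:02 H=relay.example.org [198.51.100.7] {TAIL}",
    f"2005-02-27 12:05:00 H=(x) [192.0.2.44] {TAIL}",                  # too slow for the window
    f"2005-02-27 12:30:00 H=(x) [192.0.2.44] {TAIL}",
    f"2005-02-27 13:00:00 H=(x) [192.0.2.44] {TAIL}",
]
if __name__ == "__main__":
    print("\n".join(block_commands(offenders(SAMPLE_LOG))))
```

The window logic assumes the lines arrive in chronological order, as they do when read from a log file.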