Blocking SMTP connection automatically

Hi,

I am running exim on my linode and I am seeing a lot of spammers trying to send emails to non-existing addresses; and some are trying to send many emails at a time.

I am wondering, in general, is there any way that I can automatically block such bad IPs' SMTP connections from iptables? I.e.: automatically create an iptables rule on the mail port when XX bad connections on exim are found.

Thanks for the help.

Kevin
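One way to do what the question asks, as an added example that is not from the thread or from the exim or Linode projects: scan exim's mainlog for "rejected RCPT" entries, count them per peer address, and emit one iptables (or ip6tables) DROP rule for every address over a threshold that is not on an allowlist. The log lines, the threshold of 2, the allowlist network and the log path are all constructed assumptions. Because a "rejected RCPT" entry is only written after the SMTP dialogue, the bracketed peer address has completed a TCP handshake; driving the rules from application-level rejects rather than raw packet logs is what keeps a forged source address from getting someone else blocked, and the allowlist covers the legitimate senders mentioned in the replies.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in the style of exim's mainlog (not taken from the thread).
# Only "rejected RCPT" lines are counted; the final line is an accepted message from a
# host that also had rejects and must not be counted against it.
SAMPLE_MAINLOG = """\
2024-05-01 10:00:01 H=(x.example) [192.0.2.10] F=<a@example.net> rejected RCPT <nouser1@example.org>: Unrouteable address
2024-05-01 10:00:02 H=(x.example) [192.0.2.10] F=<a@example.net> rejected RCPT <nouser2@example.org>: Unrouteable address
2024-05-01 10:00:03 H=(x.example) [192.0.2.10] F=<a@example.net> rejected RCPT <nouser3@example.org>: Unrouteable address
2024-05-01 10:00:04 H=(y.example) [198.51.100.7] F=<b@example.net> rejected RCPT <typo@example.org>: Unrouteable address
2024-05-01 10:00:05 H=(z.example) [203.0.113.5] F=<c@example.net> rejected RCPT <old1@example.org>: Unrouteable address
2024-05-01 10:00:06 H=(z.example) [203.0.113.5] F=<c@example.net> rejected RCPT <old2@example.org>: Unrouteable address
2024-05-01 10:00:07 H=(v6.example) [2001:db8::1] F=<d@example.net> rejected RCPT <no1@example.org>: Unrouteable address
2024-05-01 10:00:08 H=(v6.example) [2001:db8::1] F=<d@example.net> rejected RCPT <no2@example.org>: Unrouteable address
2024-05-01 10:00:09 1s0abc-0001aa-Bc <= real@example.net H=(x.example) [192.0.2.10] P=esmtp S=1234
"""

# Peer address in square brackets, followed later on the line by "rejected RCPT".
REJECT_RE = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\].*\brejected RCPT\b")


def count_rcpt_rejects(log_text):
    """Return a Counter {peer_ip: number of rejected RCPT commands}."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            ip = ip_address(m.group("ip"))  # validates and normalises v4/v6 text
        except ValueError:
            continue
        counts[str(ip)] += 1
    return counts


def select_offenders(counts, threshold, allowlist=()):
    """Peers with at least `threshold` rejects, minus anything in an allowlisted network."""
    nets = [ip_network(n) for n in allowlist]
    offenders = []
    for ip, n in counts.items():
        if n < threshold:
            continue
        addr = ip_address(ip)
        if any(addr in net for net in nets):  # cross-version membership is simply False
            continue
        offenders.append(ip)
    return sorted(offenders)


def iptables_rules(offenders, port=25):
    """One DROP rule per offender on the SMTP port; ip6tables for IPv6 peers."""
    rules = []
    for ip in offenders:
        tool = "ip6tables" if ip_address(ip).version == 6 else "iptables"
        rules.append(f"{tool} -I INPUT -s {ip} -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    import sys
    # Hypothetical usage: python3 ban_rcpt_abusers.py /var/log/exim4/mainlog | sh
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MAINLOG
    counts = count_rcpt_rejects(text)
    offenders = select_offenders(counts, threshold=2, allowlist=["203.0.113.0/24"])
    for rule in iptables_rules(offenders):
        print(rule)
```

The script only prints the commands, so you can review them before piping to a shell from cron; a real deployment also needs to expire bans after a while so that a reassigned address is not dropped forever, which is the part fail2ban already handles if you prefer a packaged tool.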

3 Replies

Yes, you can. Google for "iptables automatic rules" and variants, and you'll turn up scripts that you can use or adapt.

As a side note, are you already using a DNS Blacklist? If not, start: it will help a lot with this kind of stuff, possibly to the point where you don't feel the need for your own. Spamhaus (www.spamhaus.org) runs a good one, but there are dozens.

spamhaus.org and spamcop.net together take care of 90% of this crap.

I stop a lot of the rest by rejecting connections from IP addresses for which I cannot successfully look up the host name. You have to whitelist this if you have legitimate senders who cannot / will not set up their mail systems correctly.

Auto written firewall rules can leave you vulnerable to a DoS attack using forged IP headers unless the 'rules for writing the rules' are chosen very carefully.

Thanks for all the suggestions… and yes, I am already using multiple DNS blacklists on my linode. Even with the blacklists, I still see a lot of connections trying to send email to non-existing accounts. I already have a setting to bounce all those emails, but just want to see if there is any easy way to drop those connections at the iptables layer as well.

Thanks,

Kevin
