Tuesday, 27 November 2007

spammers in your network

There are two simple ways to stay off SORBS (or similar) lists. The first is simple:


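modprobe ipt_recent ip_list_tot=32 # ip_list_tot - number of addresses each recent list remembers
# The rules match only connection-opening packets (--syn); the rest of each connection must be accepted by your other FORWARD rules.
# Drop a new SMTP connection if the same source opened one in the last 30 seconds; --update also restarts its timer
iptables -A FORWARD -p tcp --syn --dport 25 -m recent --name SMTP --seconds 30 --update -j DROP
# Log connections that get through (at most 1 per second after a burst of 5)
iptables -A FORWARD -p tcp --syn --dport 25 -m limit --limit 1/second --limit-burst 5 -j LOG --log-level info --log-prefix "smtp-log "
# Remember the source address and let the connection through
iptables -A FORWARD -p tcp --syn --dport 25 -m recent --name SMTP --set -j ACCEPT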

This sample allows each user to send only one mail (one SMTP connection) per 30 seconds. If somebody tries to send the next mail within those 30 seconds, the counter is reset and starts counting from 0 (zero :) ) again. Every connection of this type will be logged to the kernel log.
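To see which hosts on your network are opening SMTP connections, you can count the "smtp-log " lines per source address. The script below is an added example, not part of the original post; the function names, the optional threshold argument and the sample log lines (constructed, in the usual netfilter LOG layout) are assumptions.

```shell
#!/bin/sh
# Added example: count logged SMTP connections per source address.
# Reads kernel log lines on stdin, prints "count address", busiest first.
# Optional argument: minimum count a source needs to be listed (default 1).
smtp_top_senders() {
    awk -v min="${1:-1}" '
        / smtp-log / {                 # only lines written by the LOG rule
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { n[substr($i, 5)]++; break }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input; hosts, addresses and ports are made up.
sample_log() {
cat <<'EOF'
Nov 27 10:00:01 gw kernel: smtp-log IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=34567 DPT=25 SYN URGP=0
Nov 27 10:00:40 gw kernel: smtp-log IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=34601 DPT=25 SYN URGP=0
Nov 27 10:01:02 gw kernel: smtp-log IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=25 SYN URGP=0
Nov 27 10:01:15 gw kernel: other-log IN=eth1 OUT=eth0 SRC=192.168.1.99 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40200 DPT=80 SYN URGP=0
Nov 27 10:01:20 gw kernel: smtp-log IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.20 LEN=60 TTL=63 PROTO=TCP SPT=34650 DPT=25 SYN URGP=0
Nov 27 10:02:10 gw kernel: smtp-log IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=51000 DPT=25 SYN URGP=0
Nov 27 10:02:30 gw kernel: smtp-log IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=40150 DPT=25 SYN URGP=0
EOF
}

# Demo run on the sample; on a real router, pipe your kernel log file in instead.
sample_log | smtp_top_senders
```

The LOG rule sits after the DROP rule and is rate-limited, so these counts cover only connections that were let through and are a lower bound.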

The second way needs some more configuration, but it has additional functions.

It is called an SMTP proxy, and with it you can control almost every user, for example saying that user A can send the XXX content but user B cannot.

I will write a howto in my free time.

