[Nottingham] iptables SMTP blocklist

Graeme Fowler graeme at graemef.net
Sat May 15 08:11:07 BST 2004


On Fri, 2004-05-14 at 23:32, Mike Cardwell wrote:
> On Fri, 14 May 2004, Michael wrote:
> > Thanks folks - what I should have asked is: do any of you block
> > particular ranges or make use of RBL/other services? This is for my
> > Devil-Linux firewalls at home and at work - I get many relay attempts on
> > both SMTP servers.
> 
> If your mail server is set up correctly and is rejecting the relay
> attempts, what is the problem?

That's just what I was going to say, dammit :) This is similar to the
"how do I drop all this traffic?" discussion we had on the list a while
back where people were complaining that their logs were unwieldy, and
the obvious answer was to not log anything!

There's a number of ways to stop people attempting to relay, in
decreasing order of efficiency:

1. Don't run an SMTP server
2. Run an SMTP server but only accept mail from known hosts:
2a. Use iptables to filter everyone else out apart from known trusted
hosts.
2b. Use a more easily configurable mailer than sendmail, like Exim, and
use the ACLs therein to control who can connect to you.
3. Make sure your mailer is correctly configured and does not permit
relaying.
4. Bolt-in RBL/DNSBL functionality, bearing in mind that it can slow
your mailer down immensely.
5. Process your logs, and feed the results back into 2a or 2b.

Personally, I favour 1 to 3 from a home perspective. Obviously wearing
my work-shaped hat, things are slightly different :)

Graeme
-- 
Graeme Fowler <graeme at graemef.net>
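
Added example, not part of the original post: one way to do option 5 and feed the result into 2a, by counting relay rejections per source address and printing iptables rules for repeat offenders. The log lines are constructed in the style of Exim's main log, and the `SMTP_BLOCK` chain name, the trusted range and the threshold are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of Exim's main log (not real traffic).
# The second-last line carries a HELO name that is itself a bracketed address.
SAMPLE_LOG = """\
2004-05-14 23:01:12 H=(a.example) [192.0.2.10] F=<a@example.net> rejected RCPT <x@example.org>: relay not permitted
2004-05-14 23:01:15 H=(a.example) [192.0.2.10] F=<a@example.net> rejected RCPT <y@example.org>: relay not permitted
2004-05-14 23:01:19 H=(a.example) [192.0.2.10] F=<a@example.net> rejected RCPT <z@example.org>: relay not permitted
2004-05-14 23:03:02 H=(office.example) [203.0.113.5] F=<c@example.net> rejected RCPT <q@example.org>: relay not permitted
2004-05-14 23:02:40 H=([192.0.2.99]) [198.51.100.7] F=<b@example.net> rejected RCPT <x@example.org>: relay not permitted
2004-05-14 23:04:00 1BOabc-0001xy-00 <= d@example.net H=(ok.example) [203.0.113.9] P=esmtp S=1204
"""

# Assumed "known trusted hosts" from 2a; these must never end up blocked.
TRUSTED = [ipaddress.ip_network("203.0.113.0/24")]
# The HELO name inside H=(...) is chosen by the client, so only the bracketed
# address that follows a space (the connecting peer) is taken, IPv4 only.
RELAY_DENIED = re.compile(r" \[(\d{1,3}(?:\.\d{1,3}){3})\] .*rejected RCPT .*relay not permitted")

def offenders(log_text, threshold=3):
    """Return sorted source addresses with at least `threshold` relay rejections."""
    counts = Counter()
    for line in log_text.splitlines():
        m = RELAY_DENIED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # never pass unvalidated log text to a firewall command
        if any(addr in net for net in TRUSTED):
            continue
        counts[str(addr)] += 1
    return sorted(a for a, n in counts.items() if n >= threshold)

def iptables_rules(addrs, chain="SMTP_BLOCK"):
    """Build (not run) DROP rules; the chain must exist and be jumped to from INPUT."""
    return [f"iptables -A {chain} -s {a} -p tcp --dport 25 -j DROP" for a in addrs]

if __name__ == "__main__":
    for rule in iptables_rules(offenders(SAMPLE_LOG)):
        print(rule)
```

The script only prints the rules, so they can be reviewed before anything is loaded into the firewall.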


