Solved

Using iptables to drop connections with certain ip addresses

Posted on 2004-09-13
6
1,065 Views
Last Modified: 2008-02-01
Hello all,

I am running a Postfix mail server that uses RBL lists and spamassassin to filter out the junk mail.  However I noticed an increase in spam on my account coming from the same IP address.  Is there a way I can setup iptables or even postfix to drop the connection or reject the mail from a certain IP address?  Maybe I can setup my own rbl list and add addresses that I want rejected.  Any ideas?  I am giving this one 250 points.

Thanks,

Johnathon B. Allread
0
Comment
Question by:jballread
6 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 250 total points
ID: 12044437
# for the firewal on the server running the MTA
iptables -I INPUT 1 -p tcp -s IP-address --dport 25 -j DROP

# for a firewall in front of the MTA
iptables -I FORWARD 1 -p tcp -s IP-address --dport 25 -j DROP
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12044446
BTW, postfix itself can also block based on sender-addresses
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 12139192
Postfix is probably the best approach for dealing with this type of problem. This is because, only emails to port 25 will be checked against the rule set. If you add the rules to your iptables, then the checks are against every packet arriving. OK this is simplistic...but you get the idea...especially if you end up trying to block a couple of thousand spam addresses?

Basically, you just create a list of addresses that you want blacklisting in a table and get Postfix to react to mails from those addresses. See here for further details:

http://techrepublic.com.com/5100-6313_11-5055103.html

HTH:)
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 22

Expert Comment

by:pjedmond
ID: 12139210
The following page is potentially of use:

http://techrepublic.com.com/5100-6313-5055103-2.html

and provides an interesting approach using postfix to deal with a similar problem to the one you have:)
0
 

Expert Comment

by:benjamin_smee
ID: 12240885
http://www.postfix.org/spam.html#smtpd_client_restrictions
will answer all of your questions.

basically put what you want to block in /etc/postfix/access list and then make the appropriate config changes and rehup postfix for it to take effect
0
 
LVL 2

Expert Comment

by:garak1357
ID: 12448597
I use a firewall that has a built in list of banned IP addresses.
When I find someone I want to block, I simply edit the text file
and add their IP address.  You might want to take a look at it.

homeLANsecurity 1.4.1

http://www.unixpages.com/hls
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question