Using iptables to drop connections with certain ip addresses

Hello all,

I am running a Postfix mail server that uses RBL lists and SpamAssassin to filter out the junk mail.  However, I noticed an increase in spam on my account coming from the same IP address.  Is there a way I can set up iptables or even Postfix to drop the connection or reject the mail from a certain IP address?  Maybe I can set up my own RBL list and add addresses that I want rejected.  Any ideas?  I am giving this one 250 points.

Thanks,

Johnathon B. Allread
0
 
ahoffmann Commented:
# for the firewall on the server running the MTA
iptables -I INPUT 1 -p tcp -s IP-address --dport 25 -j DROP

# for a firewall in front of the MTA
iptables -I FORWARD 1 -p tcp -s IP-address --dport 25 -j DROP
0
 
ahoffmann Commented:
BTW, Postfix itself can also block based on sender addresses.
0
 
pjedmond Commented:
Postfix is probably the best approach for dealing with this type of problem. This is because only emails to port 25 will be checked against the rule set. If you add the rules to your iptables, then the checks are against every packet arriving. OK this is simplistic...but you get the idea...especially if you end up trying to block a couple of thousand spam addresses?

Basically, you just create a list of addresses that you want blacklisting in a table and get Postfix to react to mails from those addresses. See here for further details:

http://techrepublic.com.com/5100-6313_11-5055103.html

HTH:)
0

 
pjedmond Commented:
The following page is potentially of use:

http://techrepublic.com.com/5100-6313-5055103-2.html

and provides an interesting approach using Postfix to deal with a similar problem to the one you have:)
0
 
benjamin_smee Commented:
http://www.postfix.org/spam.html#smtpd_client_restrictions
will answer all of your questions.

Basically, put what you want to block in the /etc/postfix/access list, then make the appropriate config changes and rehup Postfix for it to take effect.
0
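One way to build the access table described in the answer above from a plain list of addresses, as an added example that is not part of the original thread. The sample addresses are constructed (RFC 5737 documentation ranges); the hash: map type, the reject text and overwriting /etc/postfix/access are assumptions about the setup.

```shell
#!/bin/sh
# Added example, not from the thread. Sample addresses are constructed
# (RFC 5737 documentation ranges).
ACCESS_FILE=${ACCESS_FILE:-/etc/postfix/access}

# Read addresses on stdin (one per line, '#' comments allowed) and print
# Postfix access(5) lines. Invalid entries go to stderr and are skipped,
# duplicates are dropped, leading zeros are normalised.
build_access_map() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]+/, "") }
        $0 == "" { next }
        {
            n = split($0, o, /\./)
            ok = (n == 4)
            for (i = 1; ok && i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            if (!ok) { print "skipping invalid entry: " $0 > "/dev/stderr"; next }
            addr = (o[1] + 0) "." (o[2] + 0) "." (o[3] + 0) "." (o[4] + 0)
            if (!seen[addr]++) print addr " REJECT Blocked by local policy"
        }'
}

# Write the table, compile it and point smtpd at it (run as root).
# Assumes smtpd_client_restrictions holds nothing else you need to keep.
install_access_map() {
    build_access_map < "$1" > "$ACCESS_FILE" &&
    postmap "hash:$ACCESS_FILE" &&
    postconf -e "smtpd_client_restrictions = check_client_access hash:$ACCESS_FILE" &&
    postfix reload
}

# Preview only: prints the table lines for a constructed list, changes nothing.
printf '%s\n' '192.0.2.10' '198.51.100.7  # repeat sender' 'not-an-ip' |
    build_access_map
```

To apply it, call install_access_map with the path of your address list; connections from listed clients are then refused by smtpd with the reject text instead of being silently dropped as with the iptables rules.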
 
garak1357 Commented:
I use a firewall that has a built-in list of banned IP addresses.
When I find someone I want to block, I simply edit the text file
and add their IP address.  You might want to take a look at it.

homeLANsecurity 1.4.1

http://www.unixpages.com/hls
0