shorewall firewall and spam
Posted on 2006-11-02
my server is getting spammed out. I was using iptables to block the spammers but it wasnt working. So I added shorewall firewall on top of it. Here's the deal. In shorewall (v. 3.2.5), I can disable listening ports just fine and the services stop working. Now, with the services working I have been checking my network connections (netstat -an) and checking my mail logs. I would like to blacklist certain IP's. So, I added the IP's to the blacklist file and nothing happens, the IP's are still connected. Now, when I specify tcp and the port of the spammer it kicks them off for a split second and then the reconnect with a different port. i.e. smtp 25 listening on localhost, spammer connects to smtp but using some random port number. If I block their ip and the random port number they get kicked off but come back with a different port number.
Basically I cannot block certain IP's successfully. I tried setting up a sorbs.net rdns, but that stops remote users from connecting using pop3/smtp.