detox1978
asked on
CentOS: free server flood protection via YUM
Hi All,
I've been running a CentOS server for a few years and recently it's been targeted by spammers.
Several of my customers have catch-all email addresses that are being spammed like crazy.
Is there any free software I can install, preferably via YUM (or with a lot of help), that will limit the number of times an IP can connect? E.g. no one should be connecting more than 10 times a minute.
Many thanks
ASKER
This isn't so much spam as it is idiots flooding my email server. They must be using it for backscatter or something. So all I need is a way to auto-block IPs that are clearly flooding my IP.
There are things like fail2ban etc., but 10 requests in a minute is nothing - imagine a webpage with 10 images - get the idea.
If you can track the IPs, you may be better just adding them individually to the firewall.
The kind of software you are looking for would end up banning real visitors.
What email software are you using?
I use Postfix, which is pretty good at stopping it:
http://www.howtoforge.com/block_spam_at_mta_level_postfix
But this will always be an ongoing battle...
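One way to track the flooding IPs before adding them to the firewall, as an added example that is not part of the original thread: it scans Postfix `connect from` log lines and reports any address that exceeds the asker's figure of 10 connections a minute. The log lines are constructed, and the syslog layout and the name `find_flooders` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Postfix's syslog format (documentation-range IPs).
SAMPLE_LOG = "\n".join(
    [f"Mar  3 10:15:{s:02d} mail postfix/smtpd[2101]: connect from unknown[203.0.113.7]"
     for s in range(0, 48, 4)]                     # 12 connects in 44 seconds
    + ["Mar  3 10:15:05 mail postfix/smtpd[2102]: connect from mx.example.org[198.51.100.20]",
       "Mar  3 10:15:09 mail postfix/smtpd[2102]: disconnect from mx.example.org[198.51.100.20]",
       "Mar  3 10:16:30 mail postfix/smtpd[2103]: connect from mx.example.org[198.51.100.20]"]
)

# Matches only smtpd "connect from host[ip]" lines, not "disconnect from".
CONNECT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: connect from \S*\[([^\]]+)\]")

def find_flooders(log_text, limit=10, window=timedelta(seconds=60)):
    """Return {ip: peak} for IPs with more than `limit` connects in any window."""
    recent = defaultdict(deque)   # ip -> connect times inside the current window
    peak = defaultdict(int)       # ip -> largest window population seen
    for line in log_text.splitlines():
        m = CONNECT.match(line)
        if not m:
            continue
        # Syslog omits the year; a fixed leap year is assumed so Feb 29 parses.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # drop connects that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}

if __name__ == "__main__":
    for ip, n in sorted(find_flooders(SAMPLE_LOG).items()):
        print(f"{ip}: {n} connections within 60s")
```

The regular mail server in the sample connects twice, 85 seconds apart, and is not reported, so the output can be reviewed by hand before any address goes into the firewall.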
ASKER
Thanks for the tips.
I've disabled the catch-all forwarding, so hopefully they will go away.
I'll add the iptables rule in a few days when I re-enable it.
Thanks
ASKER
Fail2ban appears to auto-populate iptables.
Yes, you can set up rules for it, but Dan's is a much simpler solution.
Not free, but reduced the spam on my server by 99%.
Just make sure to configure it to send a daily report for each of your clients' domains with the quarantined mails, or you will miss regular mail. Not much (I get maybe 2 false positives per week, out of 2-3000 emails) but you'll save yourself some headaches if your clients can manage the quarantine by themselves.
HTH,
Dan