Link to home
Start Free TrialLog in
Avatar of detox1978
detox1978Flag for United Kingdom of Great Britain and Northern Ireland

asked on

CentOS: free server flood protection via YUM

Hi All,

I've been running a CentOS server for a few years and recently it's been targeted by spammers.

Several of my customers have catch all email addresses, that are being spammed like crazy.

Is there any free software i can install preferably via YUM (or with a lot of help) that will limit the number of times an IP can connect?  e.g. no one should be connection more than 10 times a minute.


Many thanks
Avatar of Dan Craciun
Dan Craciun
Flag of Romania image

I was in about the same position and switched to SpamExperts.
Not free, but reduced the spam on my server by 99%.

Just make sure to configure it to send a daily report for each of your client's domains with the quarantined mails, or you will miss regular mail. Not much (I get maybe 2 false positives per week, out of 2-3000 emails) but you'll save yourself some headaches if your clients can manage the quarantine by themselves.

HTH,
Dan
Avatar of detox1978

ASKER

This isnt so much spam as it it idiots flooding my email server.  They must be using it for backscatter or something.  So all i need is a way to auto block IP's that are clearly flooding my ip
There are things like fail2ban etc but 10 requests in a minute is nothing - imagine a webpage with 10 images - get the idea.
If you can track the IP's, you may be better just adding them individually to the firewall.

The kind of software you are looking for would end up banning real visitors.
What email software are you using?

I use Postfix which is pretty good at stopping it
http://www.howtoforge.com/block_spam_at_mta_level_postfix

But this will always be an ongoing battle...
ASKER CERTIFIED SOLUTION
Avatar of Dan Craciun
Dan Craciun
Flag of Romania image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
thanks for the tips.

I've disabled the catch all forwarding, so hopefully they will go away.

I'll add the iptable rule in a few days when I re enable it.


Thanks
Fail2ban appears to auto populate iptables
Yes, you can set up rules for it, but Dan's is a much simpler solution.