CentOS: free server flood protection via YUM

Hi All,

I've been running a CentOS server for a few years and recently it's been targeted by spammers.

Several of my customers have catch all email addresses, that are being spammed like crazy.

Is there any free software i can install preferably via YUM (or with a lot of help) that will limit the number of times an IP can connect?  e.g. no one should be connection more than 10 times a minute.


Many thanks
LVL 2
detox1978Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan CraciunIT ConsultantCommented:
I was in about the same position and switched to SpamExperts.
Not free, but reduced the spam on my server by 99%.

Just make sure to configure it to send a daily report for each of your client's domains with the quarantined mails, or you will miss regular mail. Not much (I get maybe 2 false positives per week, out of 2-3000 emails) but you'll save yourself some headaches if your clients can manage the quarantine by themselves.

HTH,
Dan
0
detox1978Author Commented:
This isnt so much spam as it it idiots flooding my email server.  They must be using it for backscatter or something.  So all i need is a way to auto block IP's that are clearly flooding my ip
0
GaryCommented:
There are things like fail2ban etc but 10 requests in a minute is nothing - imagine a webpage with 10 images - get the idea.
If you can track the IP's, you may be better just adding them individually to the firewall.

The kind of software you are looking for would end up banning real visitors.
What email software are you using?

I use Postfix which is pretty good at stopping it
http://www.howtoforge.com/block_spam_at_mta_level_postfix

But this will always be an ongoing battle...
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Dan CraciunIT ConsultantCommented:
Why not use iptables for that?
You can use it to block brute force attacks, so it should be able to block IP's that connect to your mail server.

For ex
iptables -A INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

Open in new window

will drop IPs with more than 10 connections/minute made to port 25.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
detox1978Author Commented:
thanks for the tips.

I've disabled the catch all forwarding, so hopefully they will go away.

I'll add the iptable rule in a few days when I re enable it.


Thanks
0
detox1978Author Commented:
Fail2ban appears to auto populate iptables
0
GaryCommented:
Yes, you can set up rules for it, but Dan's is a much simpler solution.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.