CentOS: free server flood protection via YUM

Hi All,

I've been running a CentOS server for a few years and recently it's been targeted by spammers.

Several of my customers have catch-all email addresses that are being spammed like crazy.

Is there any free software I can install, preferably via YUM (or with a lot of help), that will limit the number of times an IP can connect? E.g. no one should be connecting more than 10 times a minute.


Many thanks
Asked by: detox1978

Dan Craciun (IT Consultant) commented:
Why not use iptables for that?
You can use it to block brute force attacks, so it should be able to block IPs that connect to your mail server.

For example:
iptables -A INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

will drop IPs with more than 10 connections/minute made to port 25.
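Added example (not part of the original answer, and not kernel code): a small Python model of how the two `recent` rules above treat NEW connections to port 25, replayed over constructed traffic. The class and function names, the sample addresses and the 20-stamp list size are assumptions for illustration; TCP SYN retransmits of dropped attempts are not modelled.

```python
from collections import defaultdict, deque

SECONDS = 60        # --seconds 60
HITCOUNT = 10       # --hitcount 10
PKT_LIST_TOT = 20   # stamps kept per address (assumed: classic ip_pkt_list_tot=20)


class RecentList:
    """Simplified model of the default xt_recent list, keyed by source address."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def new_connection(self, src, now):
        """Pass one NEW packet for port 25 through both rules; return the verdict."""
        entry = self.stamps[src]
        entry.append(now)                 # rule 1: --set always records a stamp
        hits = sum(1 for t in entry if now - t <= SECONDS)
        if hits >= HITCOUNT:              # rule 2: --update --seconds 60 --hitcount 10
            entry.append(now)             # --update stamps again when it matches
            return "DROP"
        return "PASS"                     # packet continues to the rest of INPUT


def replay(events):
    """events: iterable of (second, src). Returns {src: [verdict, ...]} in time order."""
    table, verdicts = RecentList(), defaultdict(list)
    for now, src in sorted(events):
        verdicts[src].append(table.new_connection(src, now))
    return dict(verdicts)


# Constructed traffic using documentation addresses, not real hosts.
FLOODER = "192.0.2.10"    # one attempt every 2 s for 3 minutes
STEADY = "198.51.100.7"   # one attempt every 15 s
BURSTY = "203.0.113.25"   # 12 deliveries in 12 s, then one more a minute later

EVENTS = (
    [(t, FLOODER) for t in range(0, 180, 2)]
    + [(t, STEADY) for t in range(0, 180, 15)]
    + [(t, BURSTY) for t in list(range(100, 112)) + [175]]
)

if __name__ == "__main__":
    for src, v in replay(EVENTS).items():
        first = v.index("DROP") + 1 if "DROP" in v else None
        print(f"{src:15} pass={v.count('PASS'):2} drop={v.count('DROP'):2} first_drop={first}")
```

In this model the tenth attempt inside 60 seconds is the first one dropped, because the stamp written by `--set` is itself counted by the second rule. A source that keeps retrying stays blocked, and one that goes quiet is let through again once fewer than ten of its stamps fall inside the window.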
 
Dan Craciun (IT Consultant) commented:
I was in about the same position and switched to SpamExperts.
Not free, but reduced the spam on my server by 99%.

Just make sure to configure it to send a daily report for each of your clients' domains with the quarantined mails, or you will miss regular mail. Not much (I get maybe 2 false positives per week, out of 2-3000 emails) but you'll save yourself some headaches if your clients can manage the quarantine by themselves.

HTH,
Dan
 
detox1978 (Author) commented:
This isn't so much spam as it is idiots flooding my email server. They must be using it for backscatter or something. So all I need is a way to auto-block IPs that are clearly flooding my IP.
 
Gary commented:
There are things like fail2ban etc. but 10 requests in a minute is nothing - imagine a webpage with 10 images - get the idea.
If you can track the IPs, you may be better just adding them individually to the firewall.

The kind of software you are looking for would end up banning real visitors.
What email software are you using?

I use Postfix which is pretty good at stopping it
http://www.howtoforge.com/block_spam_at_mta_level_postfix

But this will always be an ongoing battle...
 
detox1978 (Author) commented:
Thanks for the tips.

I've disabled the catch-all forwarding, so hopefully they will go away.

I'll add the iptables rule in a few days when I re-enable it.


Thanks
 
detox1978 (Author) commented:
Fail2ban appears to auto-populate iptables.
 
Gary commented:
Yes, you can set up rules for it, but Dan's is a much simpler solution.