ipchains -A input -s <goodhost> -p tcp -d <myip> --dport 25 -j ACCEPT ipchains -A output -d <goodhost> -p tcp -s <myip> --sport 25 -j ACCEPT ipchains -A input -j DENY ipchains -A output -j DENY ----- Original Message ----- From: "Axel Leitner" <axel.leitner@muenchen-mail.de> To: <suse-security@suse.com> Sent: Tuesday, April 30, 2002 1:00 PM Subject: Re: [suse-security] iptables blocking telnet 25 ?
Hello,
I want to filter, secure 110 with authentication, open 25 only to relayable hosts, drop all other trying access 25, domain blocking is not my intend, because blacklists have more disadvantages than the right affect on security.
Axel
Why would you use iptables for that? Reasonable MTAs nowadays have a feature which honors blacklists. If you want to do the blocking yourself you will need some script or whatever to collect the IP addresses of spamming hosts - and the tricky part will be how you know IN ADVANCE if a host will spam you ;-) By uing blacklists your can increase your chance because a spamming host will mabye already make it into the blacklist database bofore he attempts to spam you.
Hope I made sense ;-)
Erwin
--- Axel Leitner wrote:
Hello everybody,
has someone a suggestion how to block unauthorizied spam access with an iptables rule thru 25/tcp ?
Bye
Axel
-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here