Hi,
From: Axel Leitner [mailto:axel.leitner@muenchen-mail.de] Hello,
I want to filter, secure 110 with authentication, open 25 only to relayable hosts, drop all other trying access 25,
if you know the trusted hosts then it's no problem to open port 25 for them. just add the according iptables-rule for each host/subnet ... 'secure 110' is plain pop3, it is unencrypted and therefore to be regarded as insecure. you can activate SSL-encryption via pop3, which is called pop3s (it uses port 995).
domain blocking is not my intend because blacklists have more disadvantages than the right affect on security.
black lists may not increase the security of your system, but they do help to keep spam away from you. and that's what you asked for.
Axel
Why would you use iptables for that? Reasonable MTAs nowadays have a feature which honors blacklists. If you want to do the blocking yourself you will need some script or whatever to collect the IP addresses of spamming hosts - and the tricky part will be how you know IN ADVANCE if a host will spam you ;-) By uing blacklists your can increase your chance because a spamming host will mabye already make it into the blacklist database bofore he attempts to spam you.
Hope I made sense ;-)
Erwin
Axel Leitner wrote:
Hello everybody,
has someone a suggestion how to block unauthorizied spam access with an iptables rule thru 25/tcp ?
Bye
Axel
-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here