help me securing my mail server through iptables

ridwan77 · 04-30-2009, 12:38 PM

Hello all,

I am new in linux and badly need your help.

I have a linux server running sendmail on it. I have eth0 with real ip(R.E.A.L) and eth1 with local network ip (192.168.6.0/24). A few days ago my server IP was blacklisted on CBL(Spamhaus.org) for spaming. tha spaming was generated from one of my local pc.

Now i want to secure my mail server through iptables. i want to block all my internal pc to send mail to port 25 except one PC(192.168.6.2) so that spambot can't send spam through my mail server.

Also is there any rules in iptables through which i can set a time limit(20 mails can be sent in 30 seconds from a pc) for sending mail to port 25.

Please help me out.

repo · 04-30-2009, 01:31 PM

More important, did you cleaned the infected PC?
Do you know what happened?

ridwan77 · 04-30-2009, 01:53 PM

yes, i have cleaned those pcs. i found some spyware, malware, and also some viruses.

chrism01 · 04-30-2009, 07:57 PM

something like

Code:

iptables -I INPUT -i eth1 -s 192.168.6.2 --dport 25 -j ACCEPT
iptables -I INPUT -i eth1 --dport 25 -j DROP

See also http://www.netfilter.org/ & chap 42.8, 42.9 here http://www.linuxtopia.org/online_boo...ion/index.html

chrism01 · 04-30-2009, 07:57 PM

something like

Code:

iptables -I INPUT -i eth1 -s 192.168.6.2 --dport 25 -j ACCEPT
iptables -I INPUT -i eth1 --dport 25 -j DROP

See also http://www.netfilter.org/ & chap 42.8, 42.9 here http://www.linuxtopia.org/online_boo...ion/index.html