Need some expert advice with iptables port 25 (rate limiting) or using tcp_wrappers

Post by Linux_User0 » Tue, 18 Jan 2011 09:27:16



I have 2 email servers, both running RHEL5 Linux. The main ISP server
has less than 5,500 accounts on it.
The other virtual domain server has about 500 accounts. Both run
IceWarp.

I have problems with rogue overseas traffic hitting the email servers.
I have written some iptables rules to block overseas traffic to port
443.

However, the problem is I do not know how to rate limit port 25 due to
the fact Smart_Phones such as iPhone/Android/BlackBerry connect via
port 25 as well. There are 2 Barracuda 800(s) that sit in front as
MX(s). What has happened in the past is I have found some malicious
overseas IP ranges, or they can be stateside spamming, so I block them
in the Barracuda(s). When this is done they normally turn around and
launch a denial of service attack against the email server on port 25
or port 110 by bombarding it with thousands of requests or bogus
user_name/password combos to disrupt service.

Does anyone have any ideas about using iptables and rate limiting
connections to port 25 without impacting Smart_Phones that connect or
the Barracuda(s)?

I was thinking I could have separate rules for the Barracuda(s) to
port 25, however this would mean that Smart_phones would fall into this
realm.

Someone mentioned tcp_wrappers. I want to keep the port(s) 110/25
facing the outside world from being bombarded by a malicious denial
of service attack.

Any help or ideas would be great.
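
One way to express the "separate rules for the Barracuda(s), rate limit everyone else" idea from the post, as an added example that is not part of the original thread. The chain name `MAILLIMIT`, the list name `mail`, the thresholds and the gateway addresses (RFC 5737 documentation range) are assumptions to be replaced and tuned against real smartphone traffic.

```bash
#!/bin/bash
# Added example (not from the original post). Prints an iptables-restore
# fragment that rate-limits NEW connections to ports 25 and 110 per source
# address with the "recent" match, exempting the MX gateways first.
# MAILLIMIT, "mail", the thresholds and the addresses are placeholders.

gen_mail_ratelimit() {
    local hits="$1" secs="$2" port gw
    shift 2                       # remaining arguments: gateway addresses
    # "recent" remembers 20 timestamps per address by default
    # (module parameter ip_pkt_list_tot), so a larger hitcount cannot work.
    if [ "$hits" -lt 1 ] || [ "$hits" -gt 20 ]; then
        echo "hitcount must be between 1 and 20" >&2
        return 1
    fi
    echo "*filter"
    echo ":MAILLIMIT - [0:0]"
    # Only connection attempts are counted; established sessions skip the chain.
    for port in 25 110; do
        echo "-I INPUT -p tcp --dport $port -m state --state NEW -j MAILLIMIT"
    done
    # Gateways return to the normal ruleset before any counting happens.
    for gw in "$@"; do
        echo "-A MAILLIMIT -s $gw -j RETURN"
    done
    # Record this attempt, then drop the source once it has made $hits
    # attempts within $secs seconds. Dropped attempts are still recorded,
    # so a source that keeps hammering stays blocked until it slows down.
    echo "-A MAILLIMIT -m recent --name mail --set"
    echo "-A MAILLIMIT -m recent --name mail --update --seconds $secs --hitcount $hits -j DROP"
    # Everyone else falls through to the existing INPUT rules.
    echo "-A MAILLIMIT -j RETURN"
    echo "COMMIT"
}

# Print the fragment for review: a source is dropped from its 15th new
# connection within 60 seconds.
gen_mail_ratelimit 15 60 192.0.2.10 192.0.2.11
```

The output is meant to be reviewed and then loaded with `iptables-restore --noflush`, which leaves the rest of the ruleset in place. Loading it twice inserts the two INPUT jumps twice, so remove the old jumps before reloading.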


1. using iptables to block OUTBOUND port 25?

Using linux as a gateway router, how does one do this?  I'd like to
prevent internal computers from making outbound port 25 connections,
but still allow them to the linux box on port 25.

So, I have eth0 as the outside network and eth1 as the inside
network.  Computers on the eth1 network need to be able to hit the
linux box on port 25, but those computers should NOT be allowed to go
out to the internet on port 25.  This is the only port I want to block
for now.

eth0:  public ip...5.6.7.8/255.255.252.0
eth1:  internal ips:  172.16.0.0/255.255.255.0
