Mail server
KaMaToZzz, 2018-04-26 19:13:21

How to monitor mail flow?

Hello,
We have a node with virtual servers that spam a lot.
Interfaces: eth0, lo, venet0. We need to log connections on port 25 using iptables, and then drop them when the threshold is exceeded:
iptables -N smtp_check # Create a chain to check connection attempts on the protected port
# If in the last 5 minutes (300 seconds) there were 3 or more new connections from the same address, block this address (log it first)
iptables -A smtp_check -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 300 --hitcount 3 -j LOG --log-prefix " 25port: "
# And now drop
iptables -A smtp_check -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 300 --hitcount 3 -j DROP
# Otherwise, allow, and at the same time add the address to the list
iptables -A smtp_check -m recent --set -j ACCEPT
iptables -F INPUT # Clear the INPUT chain
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # Allow packets on established connections
In this scenario, nothing is logged and, accordingly, nothing is dropped. I check telnet to some Yandex
What I would like: if a lot of mail (spam) leaves a virtual server within a certain period of time, limit the number of connections for that virtual machine.
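
As an added example (not part of the original post): the rules as posted create smtp_check, but no built-in chain jumps to it, so its LOG and DROP rules never see a packet. The script below prints a variant that hooks the chain into FORWARD, assuming the virtual servers' outgoing mail is routed through the host via venet0; the function name smtp_limit_rules and the list name smtp_out are hypothetical.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
# Assumption: the virtual servers' traffic enters the host on venet0 and is
# routed, so it traverses FORWARD rather than INPUT.

smtp_limit_rules() {
    iface=${1:-venet0}   # interface the virtual servers send from
    seconds=${2:-300}    # length of the sliding window
    hits=${3:-3}         # new connections allowed per source in the window
    list=smtp_out        # hypothetical name for the xt_recent list

    # The arguments end up in a command line, so accept only safe characters.
    case $iface in *[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;; esac
    case $seconds$hits in *[!0-9]*) echo "seconds and hits must be numbers" >&2; return 1 ;; esac

    # xt_recent keeps 20 timestamps per address by default (module parameter
    # ip_pkt_list_tot); a --hitcount above that is rejected when the rule loads.
    if [ "$hits" -lt 1 ] || [ "$hits" -gt 20 ]; then
        echo "hits must be between 1 and 20" >&2
        return 1
    fi

    recent="-m recent --name $list --rsource"
    window="--seconds $seconds --hitcount $hits"
    cat <<EOF
iptables -N smtp_check
# Over the limit: log without touching the list, then drop and refresh the entry.
iptables -A smtp_check $recent --rcheck $window -j LOG --log-prefix "25port: "
iptables -A smtp_check $recent --update $window -j DROP
# Under the limit: record this connection and let the rest of FORWARD decide.
iptables -A smtp_check $recent --set -j RETURN
# Without a jump like this one, no packet ever reaches smtp_check.
iptables -I FORWARD -i $iface -p tcp --dport 25 -m conntrack --ctstate NEW -j smtp_check
EOF
}

smtp_limit_rules "$@"
```

Because the DROP rule uses --update, a source that keeps retrying while blocked keeps extending its own block; the LOG rule uses --rcheck so that logging does not add a second timestamp for the same packet.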
