Answer the question
In order to leave comments, you need to log in
How to monitor mail flow?
Hello,
We have a node with virtual servers that spam a lot.
Interfaces eth0 lo venet0. It is required to log connections using iptables on port 25, and then drop them when the threshold is exceeded:
iptables -N smtp_check # Create a chain to check connection attempts on the protected port
# If in the last 5 minutes (300 seconds) there were 3 or more new connections from the same address - block this address (first to the log)
iptables -A smtp_check -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 300 --hitcount 3 -j LOG --log-prefix " 25port: " #And
now drop
iptables -A smtp_check -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 300 --hitcount 3 -j DROP
# Otherwise, allow, and at the same time list
iptables -A smtp_check -m recent --set -j ACCEPT
iptables -F INPUT # Clear the INPUT chain
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # Allow packets on established connections
In this scenario, nothing is logged and, accordingly, is not dropped. I check telnet to some Yandex
Hotelka: if a lot of mail leaves the virtual server (spam) in a certain period of time, limit the virtual machine in the number of connections.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question