What I do, is only open port 25 to the list of ips of the spam filtering service -- I use an iptables script called rc.firewall which I found several years ago which works well and has a nice syntax for this and I get no direct spam, I get some which gets by the filters.
Randy R <randulo2...@gmail.com> wrote: > Many of you are interested in and have used or recommended fail2ban > for your linux boxes. I finally installed it on our FreeBSD server (no > asterisk, hence the OT) with the help of a friend from the VoIP Users > Conference and Asterisk community. > > After a lot of new learning about regex, I extended the actions and > filters to look at our mail server, plagued by spammers - who isn't? > Our server has a unique setup now. The customer found a spam filtering > service that works VERY well as the MX for the domain. Their server > then connects to ours to deliver. Obviously, the IPs of that service > are entered as RELAY in the sendmail config. Here is my question: > > We are still getting a lot of direct spam. Being that only account > holders and the spam filtering servers should be connecting, I started > blocking various connections bith in /etc/mail/access and in pf. > However, I soon saw that I'll need to block the en tire Internet IP > space. Blocking by IP is a problem for a small number of nomad users > whose IP may just be in China, Russia or Argentina at some point. > > I was thinking of closing port 25 and using an alternate port (587?) > setup if the spam service is able to connect to an alternate port. > That way, the users can also change their configs to 587 and most > spammers will be trying 25 which is closed. > > Is this a tenable idea? What are your experiences and opinions? > > tia > > /r > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users