> --- In [email protected], "doorsofperception82" anupnair@ wrote:
> >
> > Hi,
> > I have three smtp servers as MX to my domain. It is done such to balance
> > load. But it was observed that each server would have high mail queue if
> > it accepted 20 connections at a time.
> > I found that most of the emails were from spam sources. So, I thought it
> > is good to use iptables as a preliminary solution before we can work out
> > grey listing methods.
> > To do that I need to know what are right values to put in iptables.
> > Which I have been unsuccessful at !
> > here are the rules I put in iptables.
> >
> > iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
> > iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 8 -j DROP
>
> --- In [email protected], "doorsofperception82" <anupn...@...> wrote:
> >
> > changed --hitcount to 15 in 10 seconds
> > lets see !

Hi,

Need help with iptables for the above rule (slightly changed values).

<code: /etc/sysconfig/iptables>
# Generated by iptables-save v1.3.5 on Wed Nov 18 16:59:58 2009
*filter
:INPUT ACCEPT [269709335:173346729685]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [256910690:262320687036]
-A INPUT -i eth1 -p tcp -m tcp --dport 25 -m state --state NEW -m recent --update --seconds 15 --hitcount 30 --name DEFAULT --rsource -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 25 -m state --state NEW -m recent --set --name DEFAULT --rsource
COMMIT
# Completed on Wed Nov 18 16:59:58 2009
</code>

In the above code, eth1 is my external interface that accepts connections on port 25. Client connections are tracked with an update window of 15 seconds. Any client IP that hits over 30 connections in the specified time will be dropped.

I am trying to limit max connections per client on port 25. How do I do that with iptables and "log" iptables action to a file? Also, if there is any way I can do that (limit per-client connections) in qmail, let me know.
My MTA is a modified qmail (modified -- qmail-smtpd and qmail-local, as far as I know)
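One way to do what the post asks (cap simultaneous connections per client IP, keep the 30-hits-per-15-seconds rule, and log the hits to their own file), as an added example that is not from the original post. It assumes the post's external interface eth1, a dedicated chain named SMTP_IN, a cap of 5 concurrent connections per source and the log path /var/log/smtp-limit.log (constructed values); the connlimit match needs kernel 2.6.23+ and iptables 1.4+, which the iptables-save v1.3.5 shown in the post may not have.

```shell
#!/bin/sh
# Added example, not from the original post. Emits (rather than runs) an
# iptables ruleset so it can be reviewed first; "--apply" pipes it to sh.
IFACE=eth1          # external interface, from the post
CHAIN=SMTP_IN       # assumed chain name
MAXCONN=5           # assumed cap on simultaneous connections per client IP
RATE_SEC=15         # window from the post
RATE_HITS=30        # new connections per window from the post
LOGFILE=/var/log/smtp-limit.log   # assumed destination file

# Print the rules. Each limit gets a LOG rule in front of its DROP; the
# LOG rule is itself rate-limited so a flood cannot fill the disk with
# log lines. Both prefixes start with "SMTP_LIMIT " so one rsyslog
# filter catches them (log-prefix is capped at 29 characters).
smtp_rules() {
    cat <<EOF
iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN
iptables -D INPUT -i $IFACE -p tcp --dport 25 -j $CHAIN 2>/dev/null
iptables -I INPUT -i $IFACE -p tcp --dport 25 -j $CHAIN
# too many simultaneous connections from one client IP: log, then drop
iptables -A $CHAIN -p tcp --syn -m connlimit --connlimit-above $MAXCONN -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "SMTP_LIMIT connlimit: " --log-level 4
iptables -A $CHAIN -p tcp --syn -m connlimit --connlimit-above $MAXCONN -j DROP
# too many new connections per window (the post's recent-module rule), same pattern
iptables -A $CHAIN -p tcp -m state --state NEW -m recent --name SMTP --rsource --update --seconds $RATE_SEC --hitcount $RATE_HITS -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "SMTP_LIMIT rate: " --log-level 4
iptables -A $CHAIN -p tcp -m state --state NEW -m recent --name SMTP --rsource --update --seconds $RATE_SEC --hitcount $RATE_HITS -j DROP
iptables -A $CHAIN -p tcp -m state --state NEW -m recent --name SMTP --rsource --set
iptables -A $CHAIN -j RETURN
EOF
}

# rsyslog fragment: send only the prefixed kernel lines to their own file
# and stop them from also landing in /var/log/messages.
rsyslog_rule() {
    cat <<EOF
:msg, contains, "SMTP_LIMIT " $LOGFILE
& ~
EOF
}

# Apply only when explicitly asked: "sh smtp-limit.sh --apply" (as root).
if [ "${1:-}" = "--apply" ]; then
    smtp_rules | sh
else
    smtp_rules
    echo "# rsyslog fragment (e.g. /etc/rsyslog.d/smtp-limit.conf):"
    rsyslog_rule
fi
```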
