Hi Jon,

On Sat, 26 Jul 2014, Jon Rowlan wrote:

> That is helpful

That was the intention. :)

> although for some odd reason I feel very much told off :-)

Er, sorry about that. I spend too much time dealing with issues caused by mail systems which have been badly configured by others. Sometimes I get a little tetchy.

> I should have added that I checked the sender domains and they all had SPF in place which is why I was tempted to try using the SPF mechanism.

SPF is a sort of Good Samaritan thing. By and large the Internet protocols were developed for technical reasons by technical people. It never occurred to them that one day criminals would be by far the most numerous users. SMTP permits very simple forgery of mail sender addresses because at the time we (mea culpa) didn't think about the problems which we'd be facing forty years down the line. SPF lets others check, in a fairly secure way, that mail claiming to be from your domain is coming from a server entitled to send it. Simple as that. But not much use to you unless other people use it too. Most of the time they don't, and in the unlikely event that they do, more often than not they get it wrong.

> I have tried using hosts.deny but that doesn't seem to work for me,

You're doing it wrong. :) To use hosts.deny (and hosts.allow) you have to be running what's known as a 'super-server'. The super-server is started instead of the service that would normally have been run, it checks the files hosts.allow and hosts.deny, and then it either runs the service or it doesn't, depending on what it finds in those files. There are other ways of doing the same thing. Check out the man pages for inetd, tcpd, hosts_access, services and xinetd. If you don't have the man pages you might need to install the relevant packages, what they're called depends on what distribution you're using but they should be easy to find. You would either use inetd or xinetd, not both at the same time. I tend to use the more venerable inetd but xinetd has its followers (and its advantages). There are pages on Wikipedia which give brief descriptions in less, er, manpage style.

> iptables may well be something to look at as you say.

There's great documentation, if rather a lot of it to digest at one sitting, on the Netfilter Website. It will very much be worth your while spending some quality time with it:

http://www.netfilter.org/documentation/index.html

At our sites iptables does most of the heavy lifting. We block about 25% of the IPV4 address space where 95% of the malicious connections come from. The mail filtering system can do the rest with one hand tied behind its back.

--
73,
Ged.

