On 07/27/2011 05:04 AM, Peter Peltonen wrote:
Hi,
On Sat, Jul 23, 2011 at 7:35 PM, Jake Vickers<[email protected]> wrote:
If you want a hammer, you can iptables it - here's one I use on some server
to prevent hammering on port 25:
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -m state --state NEW -m recent
--update --seconds 60 --hitcount 10 --name DEFAULT --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -m state --state NEW -m recent
--set --name DEFAULT --rsource
So the above blocks any IP trying more than 10 connections in 60 seconds on
port 25.
That's valuable information, thanks!
For how long will that blocking be active -- until iptables is restarted?
And to clarify: if a person sends a message to 20 recipients on your
server -- this is counted as 1 connection or as 20? I'm just wondering
what a reasonable connection limit should be for an "average" mail
server...
That rule will block them until the iptables entry is cleared.
When a user sends an email to 20 people, that will be one connection in
most cases. The rule was meant to capture spam factories, which from
what I have seen are usually poorly written and will establish multiple
connections over a period of time. Also helps reduce spam machines that
"hammer" to try and find valid addresses.
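To make the behaviour of those two rules concrete, here is an added model of the "recent" match as the rules above use it (this is illustrative code written for this thread, not the kernel's xt_recent implementation, and it ignores the module's fixed per-entry ring-buffer size). The `--set` rule records one timestamp per NEW connection; the `--update --seconds 60 --hitcount 10` rule drops a source once 10 recorded timestamps fall inside the last 60 seconds, and each dropped attempt is recorded too. The sample timeline (a constructed spam source at 203.0.113.7 and a constructed legitimate MTA at 198.51.100.5 delivering to 20 recipients over one connection) shows that the block lasts as long as the source keeps hitting the window and lapses 60 seconds after it stops, rather than until the table is flushed.

```python
from collections import defaultdict


class RecentMatch:
    """Simplified model of the iptables 'recent' module for one list name."""

    def __init__(self, seconds=60, hitcount=10):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(list)  # source IP -> connection timestamps

    def new_connection(self, src, now):
        """Run one NEW SYN from `src` at time `now` through both rules.
        Returns "DROP" if the --update rule matched, otherwise "ACCEPT"."""
        # Only timestamps inside the --seconds window count as hits.
        recent = [t for t in self.stamps[src] if now - t < self.seconds]
        if len(recent) >= self.hitcount:
            # --update matched: refresh the entry with this attempt and DROP.
            recent.append(now)
            self.stamps[src] = recent
            return "DROP"
        # Under the limit: the --set rule records the connection and the
        # packet continues through the chain (ACCEPT here for the model).
        recent.append(now)
        self.stamps[src] = recent
        return "ACCEPT"


def simulate(events, seconds=60, hitcount=10):
    """events: iterable of (time_seconds, source_ip).
    Returns {source_ip: [verdict per connection, in time order]}."""
    rl = RecentMatch(seconds, hitcount)
    verdicts = defaultdict(list)
    for now, src in sorted(events):
        verdicts[src].append(rl.new_connection(src, now))
    return dict(verdicts)


# Constructed sample timeline: a spam source opening a connection every
# 2 seconds for 30 seconds and retrying 100 seconds in, plus a legitimate
# relay that sends one message to 20 recipients over a single connection.
SAMPLE_EVENTS = [(t, "203.0.113.7") for t in range(0, 30, 2)]
SAMPLE_EVENTS.append((100, "203.0.113.7"))
SAMPLE_EVENTS.append((5, "198.51.100.5"))

if __name__ == "__main__":
    for src, v in simulate(SAMPLE_EVENTS).items():
        print(src, v)
```

The spam source is accepted for its first 10 connections, dropped for the next 5, and accepted again at t=100 because no hits remain inside the 60-second window; the single legitimate connection is never counted more than once.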
Please visit qmailtoaster.com for the latest news, updates, and packages.