For per-source-IP limiting with iptables, you'll need the iptables 'hashlimit' match module. Something like:

# iptables -A INPUT -p tcp --dport 25 -m hashlimit \
    --hashlimit 100/day --hashlimit-mode srcip \
    --hashlimit-name smtp_limit -m state --state NEW --jump ACCEPT

For raising the alarm, you could follow the rule above with a rate-limited logging rule, and use some log-monitoring tool (swatch, Splunk...) to send an alert. Be sure to drop (explicitly or by policy) any SMTP traffic after these two rules.

-Ed


Bill Watson wrote:
I hope this list is the proper forum, if not, please guide me to the list
that is....

I am looking for a way to limit the email quantity from a given user(pc)
within my building that is using my "stock" RHEL system as the mailserver.
Basically, if one PC gets a virus, I want to limit the number of emails sent
from that or any PC to say, 100 in a day and alert me if this limit is
exceeded so I can give the 20 lashes. I have googled a lot and kbased a lot
and could not find any productive keywords.

I presume the limiter would count the number of emails SMTP'd out from a
given IP address and that'd be fine for my evil purposes. I know about
limiting the total email out, and the # of sessions, but this doesn't do a
lot towards my goals. 200 users at 100/day = limit of 20,000 really wouldn't
do a lot, nor would it tell me who the evil doer is.

Thanks in advance,
Bill Watson
[EMAIL PROTECTED]


_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list

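The alerting step suggested in the reply above, sketched as an added example that is not part of the original thread: a small log filter that names the hosts that reached the logging rule. It assumes the logging rule writes the prefix "SMTP_LIMIT: " (a name chosen here) and that kernel messages reach syslog; the sample log lines are constructed.

```shell
#!/bin/sh
# Assumed logging rule, placed after the ACCEPT rule (prefix chosen for this example):
#   iptables -A INPUT -p tcp --dport 25 -m state --state NEW \
#     -m hashlimit --hashlimit 1/hour --hashlimit-burst 1 --hashlimit-mode srcip \
#     --hashlimit-name smtp_log -j LOG --log-prefix "SMTP_LIMIT: "
# A per-source log limit keeps one noisy host from using up the log budget of others.

# Read syslog lines on stdin; print "<hits> <source-ip>" for every host that
# reached the logging rule, busiest first. $1 overrides the log prefix.
smtp_offenders() {
    awk -v prefix="${1:-SMTP_LIMIT: }" '
        # Only lines written by the logging rule, and only port 25 (not 2525, 250).
        index($0, prefix) && / DPT=25( |$)/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { hits[substr($i, 5)]++; break }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Turn the offender list into one alert line per host (pipe to mail(1) or a pager).
smtp_alerts() {
    smtp_offenders "$@" | while read -r hits ip; do
        echo "ALERT: $ip exceeded the SMTP limit ($hits logged attempts)"
    done
}

# Constructed sample of kernel log lines, not taken from a real system.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 mail kernel: SMTP_LIMIT: IN=eth0 OUT= SRC=192.168.1.57 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=41234 DPT=25 WINDOW=5840 SYN URGP=0
Mar  3 10:40:12 mail kernel: SMTP_LIMIT: IN=eth0 OUT= SRC=192.168.1.88 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=50211 DPT=25 WINDOW=5840 SYN URGP=0
Mar  3 11:15:02 mail kernel: SMTP_LIMIT: IN=eth0 OUT= SRC=192.168.1.57 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=41890 DPT=25 WINDOW=5840 SYN URGP=0
Mar  3 11:20:45 mail kernel: SMTP_LIMIT: IN=eth0 OUT= SRC=192.168.1.99 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=40001 DPT=2525 WINDOW=5840 SYN URGP=0
Mar  3 11:21:09 mail kernel: OTHER_RULE: IN=eth0 OUT= SRC=192.168.1.23 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=40777 DPT=25 WINDOW=5840 SYN URGP=0
EOF
}

sample_log | smtp_alerts
```

Run from cron against the file that receives kernel messages, the output of smtp_alerts can be mailed as is.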