Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

100K entries in iptables



As I look through the maillog file on my inbound smtp server, I get irritated by all of the 'Relaying denied' entries.  These look like external systems trying to relay through my server and being denied.

I think, perhaps I can stop these systems (and other known spammers) before they get to sendmail.  So I grep through the last few months of maillogs and gather a list of >100K unique ip addresses.

I think, I'll stuff these into iptables.  But then, it seems like a lot of filtering.  Although, perhaps it is better than letting sendmail get slammed, and I will receive less spam, and so less load from spamd.

For the moment, I have decided to limit this to the current and previous weekly maillog file, which keeps the number of entries down around 4K.

But I still ponder, is putting 100K, or even 4K, entries into iptables a bad idea?  eg: What are the side effects of doing this?

Here is a sample script:

###

iptables -P INPUT ACCEPT

iptables -N SPAMMER
iptables -A SPAMMER -j LOG --log-prefix 'spammer: '
iptables -A SPAMMER -j DROP

iptables -N SPAMCHECK
iptables -A SPAMCHECK -s 127.0.0.1/32   -j ACCEPT   # Local host
iptables -A SPAMCHECK -s 192.168.0.0/16 -j ACCEPT   # Local network
iptables -A SPAMCHECK -s <snip>/32      -j ACCEPT   # Good customer

iptables -A SPAMCHECK -s 4.18.54.180/32 -j SPAMMER  # Bad guy
<repeat many times with different ip address>

iptables -A INPUT -p tcp --dport 25 --syn -j SPAMCHECK

###

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org