[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Custom rules for the Susefirewall2
On Wednesday 04 February 2004 17.17, suse-security wrote:
> Hi list,
> I'm very new to the subject of administrating a linux server, so please
> forgive my dumb questions.
> Currently my server is receiving a lot of spam mail from a certain
> address. I want to block this rubbish before it hits the smtp-server,
> hence I'd like to add some rules to the firewall that sorts the stuff out.
> Is the custom script for the SuseFirewall2
> (/etc/sysconfig/scripts/Susefirewall2-custom) the right place for this
> temporary solution? And which section to I have to use inside this script?
> I know that I have to setup some proper antispam-software, but in the
> meantime I just want to drop the mails.
> Any hints are really welcome
You should ask yourself the question : If someone from a know spam server is
sending an e-mail to my domain, should I 1) quite simply block it or should I
2) reject it with a message to the sender like "We do not accept mail from
know spam servers."
That is, how bad would it be if an e-mail was wrongly blocked with no
notification to the client? Or just beeing reject with an reject message?
In general, a firewall can only do option 1) (drop/reject TCP/IP packet) while
your mailserver can do option 2) (commonly via RBLS).
What I do is to use a combination of 1) (sort of, I use OpenBSD spamd here)
and 2) : IP's compiled from spamhaus.org as well as IP from China and Korea
are not redirected to the mail server. The others are rejected with an error
Then I use SpamAssassin to classify e-mails, and the target of the e-mail can
then make a filter rule on X-Spam-Level that is added by Spamassassin to
eliminate more spam.
OpenBSD is mirroring some blocking lists since the masters are under some
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here