[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Custom rules for the Susefirewall2

On Wednesday 04 February 2004 17.17, suse-security wrote:
> Hi list,
> I'm very new to the subject of administrating a linux server, so please
> forgive my dumb questions.
> Currently my server is receiving a lot of spam mail from a certain
> address. I want to block this rubbish before it hits the smtp-server,
> hence I'd like to add some rules to the firewall that sorts the stuff out.
> Is the custom script for the SuseFirewall2
> (/etc/sysconfig/scripts/Susefirewall2-custom) the right place for this
> temporary solution? And which section to I have to use inside this script?
> I know that I have to setup some proper antispam-software, but in the
> meantime I just want to drop the mails.
> Any hints are really welcome
> Sebastian

You should ask yourself the question : If someone from a know spam server is 
sending an e-mail to my domain, should I 1) quite simply block it or should I 
2) reject it with a message to the sender like "We do not accept mail from 
know spam servers."

That is, how bad would it be if an e-mail was wrongly blocked with no 
notification to the client? Or just beeing reject with an reject message?

In general, a firewall can only do option 1) (drop/reject TCP/IP packet) while 
your mailserver can do option 2) (commonly via RBLS).

What I do is to use a combination of 1) (sort of, I use OpenBSD spamd here) 
and 2) : IP's compiled from spamhaus.org as well as IP from China and Korea 
are not redirected to the mail server. The others are rejected with an error 

Then I use SpamAssassin to classify e-mails, and the target of the e-mail can 
then make a filter rule on X-Spam-Level that is added by Spamassassin to 
eliminate more spam.

OpenBSD is mirroring some blocking lists since the masters are under some 
pressure :



Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here