I have 2 email servers both running RHEL5 Linux; the main ISP server has less than 5,500 accounts on it. The other virtual domain server has about 500 accounts. Both run IceWarp.

I have problems with rogue overseas traffic hitting the email servers. I have written some iptables rules to block overseas traffic to port 443. However, the problem is I do not know how to rate limit port 25, due to the fact Smart_Phones such as iPhone/Android/BlackBerry connect via port 25 as well. There are 2 Barracuda 800(s) that sit in front as MX(s). What has happened in the past is I have found some malicious overseas IP ranges (or they can be stateside) spamming, so I block them in the Barracuda(s). When this is done they normally turn around and launch a denial of service attack against the email server on port 25 or port 110 by bombarding it with thousands of requests or bogus user_name/password combos to disrupt service.

Does anyone have any ideas about using iptables and rate limiting connections to port 25 without impacting Smart_Phones that connect or the Barracuda(s)? I was thinking I could have separate rules for the Barracuda(s) to port 25; however, this would mean that Smart_Phones would fall into this realm.

Someone mentioned tcp_wrappers. I want to keep the port(s) 110/25 facing the outside world from being bombarded by a malicious denial of service attack.

Any help or ideas would be great.
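One way to do what the post asks for, added here as an example and not something the poster or the IceWarp/Barracuda vendors supplied: a dedicated iptables chain that lets the Barracuda MX hosts through untouched and applies a per-source-IP limit on new connections to ports 25 and 110 using the `hashlimit` match. Because the limit is keyed on source address, a single phone or mail client gets its own bucket and is not affected by another host hammering the server. The Barracuda addresses (192.0.2.10 and 192.0.2.11, from the TEST-NET range), the rate (10 new connections per minute, burst 20) and the chain name `MAIL_RATE` are assumptions for the example; replace them with the real MX addresses and thresholds that match your traffic. The script only defines functions unless run with `--apply`, so it can be read and tested without root.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions, labelled here:
#   - Barracuda MX hosts are the TEST-NET placeholders 192.0.2.10 / 192.0.2.11
#   - the "hashlimit" and "state" iptables matches are available (they are
#     in the stock RHEL5 2.6.18 kernel and iptables 1.3.5)
#   - 10 new connections/minute with a burst of 20 per source IP is a
#     starting point only; tune it after watching the LOG lines for a while
IPT="${IPT:-iptables}"                      # set IPT=echo to dry-run
BARRACUDA_IPS="${BARRACUDA_IPS:-192.0.2.10 192.0.2.11}"
RATE="${RATE:-10/minute}"
BURST="${BURST:-20}"
MAIL_PORTS="25 110"
CHAIN="MAIL_RATE"

# Build (or rebuild) the rate-limit chain and hook it into INPUT.
mail_ratelimit_rules() {
    # A private chain keeps the rules easy to inspect ("iptables -L MAIL_RATE -n -v")
    # and easy to remove; -N fails harmlessly if the chain already exists.
    $IPT -N "$CHAIN" 2>/dev/null || true
    $IPT -F "$CHAIN"

    # Trusted MX hosts leave the chain immediately: no limit, no logging.
    for ip in $BARRACUDA_IPS; do
        $IPT -A "$CHAIN" -s "$ip" -j RETURN
    done

    # Per-source-IP token bucket: a source under the limit RETURNs to INPUT
    # and is handled by the existing ACCEPT rules; a source over it falls
    # through to a (rate-limited) LOG and then DROP.
    $IPT -A "$CHAIN" -m hashlimit \
        --hashlimit-name mailrate \
        --hashlimit-mode srcip \
        --hashlimit "$RATE" \
        --hashlimit-burst "$BURST" \
        -j RETURN
    $IPT -A "$CHAIN" -m limit --limit 5/minute -j LOG --log-prefix "MAIL_RATE_DROP: "
    $IPT -A "$CHAIN" -j DROP

    # Only NEW connections are counted; established sessions (a phone that is
    # already mid-transaction, the MX delivering a message) are never touched.
    # -I puts the jump ahead of any existing ACCEPT for these ports.
    for port in $MAIL_PORTS; do
        $IPT -I INPUT -p tcp --dport "$port" -m state --state NEW -j "$CHAIN"
    done
}

# Remove the hook rules and the chain again.
mail_ratelimit_remove() {
    for port in $MAIL_PORTS; do
        $IPT -D INPUT -p tcp --dport "$port" -m state --state NEW -j "$CHAIN" 2>/dev/null || true
    done
    $IPT -F "$CHAIN" 2>/dev/null || true
    $IPT -X "$CHAIN" 2>/dev/null || true
}

case "${1:-}" in
    --apply)  mail_ratelimit_rules ;;
    --remove) mail_ratelimit_remove ;;
esac
```

Run it as `sh mail_ratelimit.sh --apply` as root after editing the address list, and `IPT=echo sh mail_ratelimit.sh --apply` first to see exactly which commands it would issue. Two design points: the bypass rule for the Barracudas comes before the limiter so their delivery bursts are never counted, and the `LOG` line gives you the offending source addresses to feed back into the Barracuda block lists without the password-guessing traffic ever reaching IceWarp.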