Need some expert advice with iptables port 25 (rate limiting) or using tcp_wrappers

Discussion in 'Linux Networking' started by Linux_User01, Jan 17, 2011.

  1. Linux_User01

    Linux_User01 Guest

    I have 2 email servers both running RHEL5 Linux, the main ISP server
    has less than 5,500 accounts on it.
    The other virtual domain server has about 500 accounts both run

    I have problems with rogue overseas traffic hitting the email servers,
    I have written some iptables rules to block overseas traffic to port

    However the problem is I do not know how to rate limit port 25 due to
    the fact Smart_Phones such as iPhone/Android/BlackBerry connect via
    port 25 as well. There are 2 Barracuda 800(s) that sit in front as
    MX(s), what has happened in the past is I have found some malicious
    IP ranges or they can be stateside spamming, so I block them in the
    Barracuda(s). When this is done they normally turn around and launch a
    denial of service attack against the email server on port 25 or port
    110 by bombarding it with thousands of requests or bogus user_name/
    combos to disrupt service.

    Does anyone have any ideas about using iptables and rate limiting
    connections to port 25 without impacting Smart_Phones that connect or
    the Barracuda(s).

    I was thinking I could have separate rules for the Barracuda(s) to
    port 25, however this would mean that Smart_phones would fall into this

    Someone mentioned tcp_wrappers, I want to keep the port(s) 110/25
    facing the outside world from being bombarded by a malicious denial
    of service attack.

    Any help or ideas would be great.
    Linux_User01, Jan 17, 2011
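
An added example, not part of the original post: one way to structure the "separate rules for the Barracuda(s)" idea is a per-source limit on new connections that the two relays skip, so a phone making a few connections a minute is unaffected. The relay addresses (192.0.2.10 and 192.0.2.11), the chain and list names, and the threshold of 10 new connections per 60 seconds are assumptions, and many phones behind one carrier NAT address share a single counter.

```shell
#!/bin/sh
# Added example: prints an iptables-restore fragment; it changes nothing itself.
# Assumptions (not from the post): 192.0.2.10/.11 are placeholders for the two
# Barracudas, and 10 new connections per 60 s is a constructed starting point.

# emit_limit_rules PORT SECONDS HITCOUNT [TRUSTED_IP ...]
emit_limit_rules() {
    [ $# -ge 3 ] || { echo "usage: PORT SECONDS HITCOUNT [IP ...]" >&2; return 2; }
    port=$1; seconds=$2; hits=$3; shift 3
    case "$port$seconds$hits" in
        *[!0-9]*) echo "numeric arguments required" >&2; return 2 ;;
    esac
    # The recent match keeps 20 timestamps per address by default
    # (ip_pkt_list_tot), so a larger hitcount cannot be counted.
    [ "$hits" -ge 1 ] && [ "$hits" -le 20 ] || {
        echo "hitcount must be 1..20" >&2; return 2; }
    chain="LIMIT_$port"
    echo "*filter"
    echo ":$chain - [0:0]"
    # Inserted at the top of INPUT so it runs before any existing ACCEPT.
    # Only NEW connections are counted; established sessions are untouched.
    echo "-I INPUT -p tcp --dport $port -m state --state NEW -j $chain"
    # Trusted relays leave the chain before the counter sees them.
    for ip in "$@"; do
        echo "-A $chain -s $ip -j RETURN"
    done
    # Record every other source, then drop it once it reaches HITCOUNT new
    # connections inside the window. --update refreshes the timestamp, so a
    # source that keeps hammering stays blocked until it goes quiet.
    echo "-A $chain -m recent --name lim$port --set"
    echo "-A $chain -m recent --name lim$port --update --seconds $seconds --hitcount $hits -j DROP"
    # Falling off the end returns to INPUT: this chain only ever drops, so
    # existing rules (such as the overseas blocks) still decide what is accepted.
    echo "COMMIT"
}

# Port 25 with both relays exempt; call again with 110 for POP3.
emit_limit_rules 25 60 10 192.0.2.10 192.0.2.11
```

Review the printed rules, then load them with `iptables-restore --noflush` so the rules already in place are kept.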