Need some expert advice with iptables port 25 (rate limiting) or using tcp_wrappers

Discussion in 'Linux Networking' started by Linux_User01, Jan 17, 2011.

  1. Linux_User01

    Linux_User01 Guest

    I have 2 email servers both running RHEL5 Linux, the main ISP server
    has less than 5,500 accounts on it.
    The other virtual domain server has about 500 accounts both run
    IceWarp.

    I have problems with rogue overseas traffic hitting the email servers,
    I have written some iptables rules to block overseas traffic to port
    443.

    However the problem is I do not know how to rate limit port 25 due to
    the fact Smart_Phones such as iPhone/Android/BlackBerry connect via
    port 25 as well. There are 2 Barracuda 800(s) that sit in front as
    MX(s), what has happened in the past is I have found some malicious
    overseas IP ranges or they can be stateside spamming, so I block them
    in the Barracuda(s). When this is done they normally turn around and
    launch a denial of service attack against the email server on port 25
    or port 110 by bombarding it with thousands of requests or bogus
    user_name/password combos to disrupt service.

    Does anyone have any ideas about using iptables and rate limiting
    connections to port 25 without impacting Smart_Phones that connect or
    the Barracuda(s)?

    I was thinking I could have separate rules for the Barracuda(s) to
    port 25, however this would mean that Smart_phones would fall into this
    realm.

    Someone mentioned tcp_wrappers, I want to keep the port(s) 110/25
    facing the outside world from being bombarded by a malicious denial
    of service attack.

    Any help or ideas would be great.
     
    Linux_User01, Jan 17, 2011
    #1
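
One way to lay out the rules the post asks about, as an added example that is not part of the original thread: a per-source-IP limit on new connections to ports 25 and 110 using the iptables `recent` match, with the Barracudas exempted before any counting. The Barracuda addresses, the thresholds and the chain name are placeholders chosen for illustration, and the script only prints the commands for review.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for review;
# nothing is applied. Addresses and thresholds are constructed placeholders.
BARRACUDAS="192.0.2.10 192.0.2.11"  # assumption: the two MX filters' source IPs
PORTS="25 110"                       # the two services named in the post
WINDOW=60                            # counting window, in seconds
MAXNEW=10                            # new connections allowed per source per window
CHAIN=MAILLIMIT                      # hypothetical chain name

emit_rules() {
    # ipt_recent remembers 20 timestamps per address by default
    # (ip_pkt_list_tot), so a larger hitcount cannot be counted.
    if [ "$MAXNEW" -gt 20 ]; then
        echo "MAXNEW=$MAXNEW exceeds the ipt_recent default of 20" >&2
        return 1
    fi
    echo "iptables -N $CHAIN"
    # The MX filters relay mail for every sender, so they leave the chain
    # before any counting happens.
    for ip in $BARRACUDAS; do
        echo "iptables -A $CHAIN -s $ip -j RETURN"
    done
    for port in $PORTS; do
        list="mail$port"
        # Source already has MAXNEW connections recorded inside WINDOW: drop.
        echo "iptables -A $CHAIN -p tcp --dport $port -m recent --name $list --rcheck --seconds $WINDOW --hitcount $MAXNEW -j DROP"
        # Otherwise record this connection; with no target the packet falls
        # off the end of the chain and the existing INPUT rules decide.
        echo "iptables -A $CHAIN -p tcp --dport $port -m recent --name $list --set"
    done
    # Only new connections are counted, never packets of established sessions.
    for port in $PORTS; do
        echo "iptables -I INPUT -p tcp --dport $port -m state --state NEW -j $CHAIN"
    done
}

emit_rules
```

Phones behind a shared carrier NAT address count as one source, so MAXNEW needs headroom for that case.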