Many of you are interested in and have used or recommended fail2ban for your linux boxes. I finally installed it on our FreeBSD server (no asterisk, hence the OT) with the help of a friend from the VoIP Users Conference and Asterisk community.

After a lot of new learning about regex, I extended the actions and filters to look at our mail server, plagued by spammers - who isn't? Our server has a unique setup now. The customer found a spam filtering service that works VERY well as the MX for the domain. Their server then connects to ours to deliver. Obviously, the IPs of that service are entered as RELAY in the sendmail config. Here is my question:

We are still getting a lot of direct spam. Being that only account holders and the spam filtering servers should be connecting, I started blocking various connections both in /etc/mail/access and in pf. However, I soon saw that I'll need to block the entire Internet IP space. Blocking by IP is a problem for a small number of nomad users whose IP may just be in China, Russia or Argentina at some point.

I was thinking of closing port 25 and using an alternate port (587?) setup if the spam service is able to connect to an alternate port. That way, the users can also change their configs to 587 and most spammers will be trying 25 which is closed.

Is this a tenable idea? What are your experiences and opinions?

tia

/r
On 13 July 2010 09:52, Randy R <randulo2008 at gmail.com> wrote:

> Many of you are interested in and have used or recommended fail2ban
> for your linux boxes. I finally installed it on our FreeBSD server (no
> asterisk, hence the OT) with the help of a friend from the VoIP Users
> Conference and Asterisk community.
>
> After a lot of new learning about regex, I extended the actions and
> filters to look at our mail server, plagued by spammers - who isn't?
> Our server has a unique setup now. The customer found a spam filtering
> service that works VERY well as the MX for the domain. Their server
> then connects to ours to deliver. Obviously, the IPs of that service
> are entered as RELAY in the sendmail config. Here is my question:
>
> We are still getting a lot of direct spam. Being that only account
> holders and the spam filtering servers should be connecting, I started
> blocking various connections both in /etc/mail/access and in pf.
> However, I soon saw that I'll need to block the entire Internet IP
> space. Blocking by IP is a problem for a small number of nomad users
> whose IP may just be in China, Russia or Argentina at some point.
>
> I was thinking of closing port 25 and using an alternate port (587?)
> setup if the spam service is able to connect to an alternate port.
> That way, the users can also change their configs to 587 and most
> spammers will be trying 25 which is closed.
>
> Is this a tenable idea? What are your experiences and opinions?
>
> tia
>
> /r

Hi Randy,

How many users are on this 'domain'? Google Apps Free is a great solution for up to 50 users with 7.6GB per user. Their spam filtering usually does the job for our customers.

Regards,
Brian
covici at ccs.covici.com
2010-Jul-13 10:29 UTC
[asterisk-users] OT: fail2ban, spam and mail servers
What I do is only open port 25 to the list of IPs of the spam filtering service -- I use an iptables script called rc.firewall which I found several years ago, which works well and has a nice syntax for this, and I get no direct spam; I get some which gets by the filters.

Randy R <randulo2008 at gmail.com> wrote:

> Many of you are interested in and have used or recommended fail2ban
> for your linux boxes. I finally installed it on our FreeBSD server (no
> asterisk, hence the OT) with the help of a friend from the VoIP Users
> Conference and Asterisk community.
>
> After a lot of new learning about regex, I extended the actions and
> filters to look at our mail server, plagued by spammers - who isn't?
> Our server has a unique setup now. The customer found a spam filtering
> service that works VERY well as the MX for the domain. Their server
> then connects to ours to deliver. Obviously, the IPs of that service
> are entered as RELAY in the sendmail config. Here is my question:
>
> We are still getting a lot of direct spam. Being that only account
> holders and the spam filtering servers should be connecting, I started
> blocking various connections both in /etc/mail/access and in pf.
> However, I soon saw that I'll need to block the entire Internet IP
> space. Blocking by IP is a problem for a small number of nomad users
> whose IP may just be in China, Russia or Argentina at some point.
>
> I was thinking of closing port 25 and using an alternate port (587?)
> setup if the spam service is able to connect to an alternate port.
> That way, the users can also change their configs to 587 and most
> spammers will be trying 25 which is closed.
>
> Is this a tenable idea? What are your experiences and opinions?
>
> tia
>
> /r

--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici
covici at ccs.covici.com
On Tuesday 13 Jul 2010, Randy R wrote:

> I was thinking of closing port 25 and using an alternate port (587?)
> setup if the spam service is able to connect to an alternate port.
> That way, the users can also change their configs to 587 and most
> spammers will be trying 25 which is closed.

Can't you just insist on SMTP AUTH? Or (crude but still just about usable) require a POP3 connection before allowing an SMTP connection?

--
AJS
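
Added example, not part of the original thread: before restricting port 25 to the filtering service as discussed above, the sendmail log can show how much accepted mail bypasses the MX filter and which clients already use a separate submission daemon. The filter ranges, the daemon names (`MTA`, `MSA`) and the log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the filtering service's outbound ranges (RFC 5737 documentation addresses).
FILTER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.25/32")]

# Constructed sendmail log lines for illustration; not taken from the thread.
SAMPLE_LOG = """\
Jul 13 09:00:01 mx sm-mta[1201]: o6D901aa001201: from=<a@example.org>, size=2100, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=out1.filter.example [192.0.2.5]
Jul 13 09:00:02 mx sm-mta[1201]: o6D901aa001201: to=<u@customer.example>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
Jul 13 09:01:10 mx sm-mta[1210]: o6D91Abb001210: from=<x@spam.example>, size=900, class=0, nrcpts=1, msgid=<2@spam.example>, proto=SMTP, daemon=MTA, relay=dyn77.isp.example [203.0.113.77]
Jul 13 09:01:40 mx sm-mta[1214]: o6D91ecc001214: from=<y@spam.example>, size=950, class=0, nrcpts=3, msgid=<3@spam.example>, proto=SMTP, daemon=MTA, relay=dyn77.isp.example [203.0.113.77]
Jul 13 09:02:05 mx sm-mta[1220]: o6D925dd001220: from=<>, size=400, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.9]
Jul 13 09:03:00 mx sm-mta[1231]: o6D930ee001231: from=<u@customer.example>, size=5000, class=0, nrcpts=1, msgid=<4@customer.example>, proto=ESMTP, daemon=MSA, relay=roaming.example [203.0.113.200]
Jul 13 09:04:00 mx sm-mta[1240]: o6D940ff001240: from=<b@example.net>, size=1800, class=0, nrcpts=1, msgid=<5@example.net>, proto=ESMTP, daemon=MTA, relay=out2.filter.example [198.51.100.25] (may be forged)
"""

# sendmail logs one "from=" line per accepted envelope; daemon= is the Name= set in
# DAEMON_OPTIONS and relay= ends with the peer address in square brackets.
FROM_RE = re.compile(
    r"from=<[^>]*>.*\bdaemon=(?P<daemon>[^,\s]+), "
    r"relay=(?:\S+ )?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def audit(log_text, filter_nets=FILTER_NETS, mta_names=("MTA",)):
    """Split accepted mail into via-filter, other-daemon and direct port-25 bypass."""
    result = {"via_filter": 0, "submission": 0, "direct": Counter()}
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue  # delivery (to=) lines, rejects, AUTH lines and so on
        ip = ipaddress.ip_address(m.group("ip"))
        if m.group("daemon") not in mta_names:
            result["submission"] += 1       # any non-MTA daemon, e.g. an MSA on 587
        elif any(ip in net for net in filter_nets):
            result["via_filter"] += 1       # delivered by the filtering service
        else:
            result["direct"][str(ip)] += 1  # reached port 25 without passing the MX
    return result

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print("via filter:", report["via_filter"], "submission:", report["submission"])
    for addr, count in report["direct"].most_common():
        print(f"direct to port 25: {addr} ({count} messages)")
```

The addresses counted under `direct` are the ones a firewall rule limiting port 25 to the filtering service would cut off; pass the daemon names from your own `DAEMON_OPTIONS` in `mta_names`.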