Comments on: Make your router guard your mail http://spamhuntress.com/2005/10/29/make-your-router-guard-your-mail/ Just another WordPress weblog Sat, 17 May 2008 05:21:31 +0000 http://wordpress.org/?v=2.0.7 by: Administrator http://spamhuntress.com/2005/10/29/make-your-router-guard-your-mail/#comment-1685 Sat, 29 Oct 2005 15:10:03 +0000 http://spamhuntress.com/2005/10/29/make-your-router-guard-your-mail/#comment-1685 And if you set up a router (for windows machines) or a linux machine for noobs who only use webmail (and won't ever use anything else), firewall off port 25 entirely. And if you set up a router (for windows machines) or a linux machine for noobs who only use webmail (and won’t ever use anything else), firewall off port 25 entirely.

]]> by: Lemat http://spamhuntress.com/2005/10/29/make-your-router-guard-your-mail/#comment-1684 Sat, 29 Oct 2005 15:01:42 +0000 http://spamhuntress.com/2005/10/29/make-your-router-guard-your-mail/#comment-1684 while using linux and iptables: modprobe ipt_recent ip_list_tot=32 ${IPTABLES} -A FORWARD -m state --state RELATED, ESTABLISHED -j ACCEPT ${IPTABLES} -A FORWARD -p tcp --dport 25 -m recent --name SMTP --seconds 60 --update -j DROP ${IPTABLES} -A FORWARD -p tcp --dport 25 -m limit --limit 1/second --limit-burst 5 -j LOG --log-level info --log-prefix "smtp " ${IPTABLES} -A FORWARD -p tcp --dport 25 -m recent --name SMTP --set -j ACCEPT assuming that human being will not send email more often than 60s and virus will try to connect far more often than every 60s - the above code will allow only first connection to the port 25, and every connection to this port made in 60s time will extend this ban for another 60s. Full ban or redirecting the http traffic to "You have a virus" web page is also possible. while using linux and iptables:

modprobe ipt_recent ip_list_tot=32
${IPTABLES} -A FORWARD -m state –state RELATED, ESTABLISHED -j ACCEPT
${IPTABLES} -A FORWARD -p tcp –dport 25 -m recent –name SMTP –seconds 60 –update -j DROP
${IPTABLES} -A FORWARD -p tcp –dport 25 -m limit –limit 1/second –limit-burst 5 -j LOG –log-level info –log-prefix “smtp ”
${IPTABLES} -A FORWARD -p tcp –dport 25 -m recent –name SMTP –set -j ACCEPT

assuming that human being will not send email more often than 60s and virus will try to connect far more often than every 60s - the above code will allow only first connection to the port 25, and every connection to this port made in 60s time will extend this ban for another 60s.
Full ban or redirecting the http traffic to “You have a virus” web page is also possible.

]]>