Make your router guard your mail

Some routers have good firewalls. Mine has the ability to set the destination address of ports or port ranges. That means I can set the router to not allow mail to be sent to any other mail server than the one my ISP runs.

If more people did that, there would be fewer zombies succeeding, even if you get infected. I know my ISP would contact me quickly if I were to send thousands of spam messages through their mail server.

OK, so my router has a firewall a little better than most. But for those of you who are security conscious, check if your router has that capability. And next time you buy one, look for a router that can do that.

Remember, outgoing mail is on port 25. You’d need to find the IP address of your ISP’s mail server(s) and set the destination to that address. You can set the netmask to 255.255.255.0 or less. The firewall is probably already set to let outgoing traffic through on that port.
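
The restriction described above, written as iptables rules for a Linux-based router. This is an added example, not part of the original post: the script only prints the commands, the relay addresses used with it are constructed placeholders from the 192.0.2.0/24 documentation range, and the function names and the /24 minimum prefix are this example's own assumptions.

```sh
#!/bin/sh
# Added example: print iptables rules that allow outgoing TCP/25 only to the
# ISP's mail relay(s). Nothing is applied; the commands are written to stdout.
IPTABLES=${IPTABLES:-iptables}
MIN_PREFIX=24   # assumption: refuse destinations wider than 255.255.255.0

# valid_relay ADDR[/LEN]: succeeds for a dotted-quad IPv4 address or CIDR block
valid_relay() {
    addr=${1%%/*}
    len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge "$MIN_PREFIX" ] && [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# smtp_guard_rules RELAY[/LEN]...: print the rule set, one command per line
smtp_guard_rules() {
    if [ $# -eq 0 ]; then
        echo "usage: smtp_guard_rules RELAY[/LEN]..." >&2; return 2
    fi
    for relay in "$@"; do             # validate everything before printing anything
        valid_relay "$relay" || { echo "rejected relay: $relay" >&2; return 1; }
    done
    for relay in "$@"; do
        echo "$IPTABLES -A FORWARD -p tcp --dport 25 -d $relay -j ACCEPT"
    done
    # Everything else on port 25 is logged (rate-limited) and refused.
    echo "$IPTABLES -A FORWARD -p tcp --dport 25 -m limit --limit 1/second --limit-burst 5 -j LOG --log-level info --log-prefix \"smtp-blocked \""
    echo "$IPTABLES -A FORWARD -p tcp --dport 25 -j REJECT --reject-with tcp-reset"
}

# Stand-alone use: pass the relay addresses as arguments.
if [ $# -gt 0 ]; then smtp_guard_rules "$@"; fi
```

Review the printed commands, then pipe them to `sh` as root on the router to apply them. Rules appended with `-A` only take effect if no earlier FORWARD rule already accepts the same traffic.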

I won’t name brands and models here, but I’ve seen routers with firewalls that can’t be controlled by the user…

What could break?
Authenticated mail going to servers other than your ISP. Ideally you should know this before making the changes to the router. I imagine this trick would be used by corporate IT guys setting up home networks for employees, and geek friends setting up networks for clueless people. That question should be asked. Also consider putting a sticker on the modem with the username and password (changed from the default).

2 Responses to “Make your router guard your mail”

  1. Lemat Says:

    While using Linux and iptables:

    modprobe ipt_recent ip_list_tot=32
    # let packets of already-established connections through
    ${IPTABLES} -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # drop sources seen on port 25 in the last 60s, and restart their 60s timer
    ${IPTABLES} -A FORWARD -p tcp --dport 25 -m recent --name SMTP --seconds 60 --update -j DROP
    ${IPTABLES} -A FORWARD -p tcp --dport 25 -m limit --limit 1/second --limit-burst 5 -j LOG --log-level info --log-prefix "smtp "
    # record the source and allow this connection
    ${IPTABLES} -A FORWARD -p tcp --dport 25 -m recent --name SMTP --set -j ACCEPT

    Assuming that a human being will not send email more often than every 60s and a virus will try to connect far more often than every 60s, the above code will allow only the first connection to port 25, and every connection to this port made within 60s will extend the ban for another 60s.
    A full ban, or redirecting the HTTP traffic to a “You have a virus” web page, is also possible.

  2. Administrator Says:

    And if you set up a router (for Windows machines) or a Linux machine for noobs who only use webmail (and won’t ever use anything else), firewall off port 25 entirely.
