Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

best way to block IP addresses from talking to our smtp server

Status
Not open for further replies.
stevenriz

stevenriz

IS-IT--Management
May 21, 2001
1,069
Hi what would be the best way to block a certain IP address or addresses from communicating with our SMTP server? Currently I would like to block this IP address (198.104.156.37) and do so in IPTABLES but they still seem to get through!! I don't get it. See below at the logwatch file. Things still seem to be getting through. Am I way offbase here in my attempt to block this particular IP address?

I block it before AND after this group of iptable commands

#BLOCK IT HERE
-A RH-Firewall-1-INPUT -p tcp --dport 20:65535 -s 198.104.156.37 -j REJECT --reject-with tcp-reset
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
#AND TRY AGAIN HERE
-A RH-Firewall-1-INPUT -p tcp --dport 20:65535 -s 198.104.156.37 -j REJECT --reject-with tcp-reset

And still on the logwatch report we see this!!!!

Logged 12207 packets on interface eth0

From 4.78.204.162 - 100 packets to tcp(25)

From 63.123.248.14 - 56 packets to tcp(25)

From 63.123.248.24 - 46 packets to tcp(25)

From 198.104.156.37 - 11913 packets to tcp(25)

From 211.179.169.3 - 79 packets to tcp(25)

From 218.237.66.213 - 13 packets to tcp(25)

 
Sort by date Sort by votes
This really isn't the right foum for this question--you'd probably get better results in one of the linux forums.

That said, I believe that if you change "-j REJECT --reject-with tcp-reset" to "-j DROP" your problem will be solved. IIRC, rejected packets are logged by default. You can suppress the logging, but I don't recall how off the top of my head.
 
Upvote 0 Downvote
you are totally right, sorry... I had "mail" on the brain when I posted this. But thanks for the suggestion. I will try that as well as repost in the linux forum.
Steve
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

JRFEG
  • Locked
  • Question
Hack attempts overloading server by hogging memory
Replies
0
Views
555
JRFEG
JRFEG
cndgk
  • Locked
  • Question
What might cause local-originated (submit.cf?) mail not to show up in syslog,but incoming mail does?
Replies
0
Views
841
cndgk
cndgk
mduddytel
  • Locked
  • Question
How to save a huge Sent folder then clear it - Linux
Replies
0
Views
515
mduddytel
mduddytel
lolodirezo
  • Locked
  • Question
detect unused sendmail mailboxes in order to delete these boxes
Replies
0
Views
583
lolodirezo
lolodirezo
cjtucker1976
  • Locked
  • Question
Sendmail- can only send mail to external domains
Replies
0
Views
603
cjtucker1976
cjtucker1976

Part and Inventory Search

Sponsor

Back
Top