- 12-03-2006 #1
- Join Date
- Dec 2006
- Westlake, OH
Blocking email using iptables
Let's face it. Spam is getting worse by the day. Since my web server (Linux/Apache at Serverbeach) serves only domestic clients and visitors, I want to stop all incoming contact from China & Korea. For example, I want to block all email coming from any IP address from 126.96.36.199 to 188.8.131.52
(I know this is a HUGE block of IP addresses but that's what I want to try for now.)
My current iptables INPUT chain (policy ACCEPT) is...
1 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5
2 DROP icmp -- 0.0.0.0/0 0.0.0.0/0
3 DROP tcp -- 184.108.40.206/8 0.0.0.0/0 tcp dpt:25
Rules 1 & 2 came with my default setup. Rule 3 was added using...
iptables -A INPUT -p tcp -s 220.127.116.11/8 --dport 25 -j DROP
Is the 18.104.22.168/8 the correct syntax for the entire range of IP addresses?
Does this block everything? Or would I be better off using...
iptables -A INPUT -p all -s 22.214.171.124/8 -j DROP
I want to completely eliminate any contact (including access to the web site and all email originating) from Asia. The IP address ranges are easy to find on Google but I want to be sure to use the exact (aka BEST) syntax to add the new rules.
Lastly, BIG QUESTION... After adding the new rules using the iptables -A command, is it necessary to stop and restart iptables?
Many, many thanks for your help.
- 12-03-2006 #2
This will work to block 126.96.36.199/8 port 25 BUT this is a huge IP range.
Are you sure this IP range only holds Chinese and Korean IP addresses? I wouldn't block all these IPs. I would install SpamAssassin and let your customers decide which mail to discard.
Lastly, BIG QUESTION... After adding the new rules using the iptables -A command, is it necessary to stop and restart iptables?
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds
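On the syntax question raised in the thread (whether an address followed by /8 covers a "from ... to ..." range), the following is an added example, not code from either poster: it converts a first/last address pair into the exact CIDR blocks that cover it, shows which network a /8 written with host bits set really matches, and prints the matching DROP rules. The function names and the sample range (documentation addresses) are constructed for illustration.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Return the smallest list of CIDR blocks covering first..last inclusive.
    Raises ValueError if first is greater than last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def effective_network(spec):
    """Return the network a source spec matches once the mask is applied.
    An address with host bits set plus /8 still means the whole /8."""
    return ipaddress.ip_network(spec, strict=False)

def drop_rules(first, last, dport=None):
    """Build iptables commands that drop traffic from the range.
    dport=25 limits the rule to SMTP; dport=None drops every protocol."""
    rules = []
    for net in range_to_cidrs(first, last):
        if dport is not None:
            match = f"-p tcp -s {net} --dport {dport}"
        else:
            match = f"-s {net}"
        rules.append(f"iptables -A INPUT {match} -j DROP")
    return rules

if __name__ == "__main__":
    # Constructed sample range; not taken from the thread.
    first, last = "198.51.100.16", "198.51.100.79"
    for rule in drop_rules(first, last, dport=25):
        print(rule)
    # A /8 written with host bits set covers far more than a small range.
    wide = effective_network("198.51.100.77/8")
    print(wide, "covers", wide.num_addresses, "addresses")
```

Rules added with `iptables -A` take effect as soon as the command runs; they are lost at reboot unless saved, for example with `iptables-save`.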