
#1 2009-07-13 18:22:09

Sjoden
Member
From: WA
Registered: 2007-08-16
Posts: 380

Anti spam

We've had a hiccup with our anti spam feature on our firewall at work and are having issues getting some support from our vendor. I'm not sure if something like this is available, but... I'm hoping I can get some sort of inline filtering solution, preferably FOSS, that I can use temporarily. Something that I can put in between the switch and the Exchange server. Even if it's just a blacklist of known networks that are sending spam, it'd probably help.


#2 2009-07-13 20:14:28

ckristi
Member
From: Bucharest, Romania
Registered: 2006-11-21
Posts: 225

Re: Anti spam

I would recommend a minimal config based on postfix and some freely/publicly available DNSBLs.
The setup is pretty straightforward as I recall. Just google for "Postfix DNSBL".


In love I believe and in Linux I trust


#3 2009-07-13 22:57:18

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,222

Re: Anti spam

+1 for what ckristi said.

If you insert it as a router between the mail server and the rest of the network, you can use these iptables rules to forcefully intercept all SMTP traffic:

iptables -t nat -A PREROUTING -i ethX -p tcp --dport 25 -j REDIRECT --to-port 25

Replace ethX with the network interface on the 'public' side of the interception.


#4 2009-07-15 16:47:35

Sjoden
Member
From: WA
Registered: 2007-08-16
Posts: 380

Re: Anti spam

Thanks for the replies. If I get a chance today I'll set up a box and start testing. The server that Exchange is running on has some other critical services also, so I need to make sure that none of the other traffic is touched, just passed through.


#5 2009-07-23 00:37:38

Sjoden
Member
From: WA
Registered: 2007-08-16
Posts: 380

Re: Anti spam

I have a machine set up with Arch running and two network cards. This is how I'd like the physical setup to be.

{Internet}
      |
[Switch]----[VPN Stuff]
      |
      |
[Firewall/Gateway]
      |
[Switch]-----[Other Servers]
       \
         \
           \(eth0)
      [Arch/Postfix/DNSBL]
               |(eth1)
               |
          [Exchange](A Primary DC)


Since the mail server does stuff besides mail, I need everything else sent to it to just pass through the Arch box. I'm not sure if I need to modify the DNS and WINS entries or not. Is there a simpler way to do this?


#6 2009-07-23 01:37:59

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,222

Re: Anti spam

If the mail server performs functions other than mail, you're probably better off leaving it directly attached to the network, without the Arch box in front of it.

You can then update your DNS and/or MX records to point your mail to the Arch box (ie, pretend that it is your mail server). The Arch box can then be configured to relay anything it receives to the real mail server, after it has scanned it.

Alternatively, using the setup you've posted, you would need to give the Arch box eth0 the same address that the mail server currently has, and put a different address space between eth1 and the mail server. Then iptables rules like the following should work:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 25
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport XX -j DNAT --to-destination x.x.x.x
iptables -t nat -A POSTROUTING -o eth0 -m state --state NEW -j SNAT --to-source y.y.y.y
iptables -P FORWARD ACCEPT

Where:
XX = port of the "other" services the mail server performs (eg, 80 for http).
x.x.x.x = the new IP Address of the mail server when it is connected to eth1 of the Arch box.
y.y.y.y = the IP Address of eth0 on the Arch box.

Explanation:
Rule 1: Forcefully intercepts any SMTP traffic passing through the box, but only if it comes *from* the LAN. (ie, not if it's outbound from the mail server)
Rule 2: Port-forwards the specified port through to the mail server, so when people connect to the IP address that the mail server used to have (which will become Arch's address), they will be forwarded to the new address transparently.
Rule 3: If the mail server initiates any outbound connections, they will be source-NATted to its old IP address to make it appear like it still has that address, even though it's actually Arch sitting in front of it.
Rule 4: Allows traffic to be forwarded back and forth between eth0 and eth1, and vice versa. You can (and probably should) tighten this ruleset up, but it's a good start to get things working.

Also, you will need to configure port forwarding in /etc/sysctl.conf

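The ruleset from the post above, as an added example that is not from the thread or its participants: it parameterises the four rules, generalises rule 2 so that every non-SMTP port (and all non-TCP traffic) addressed to the old mail server IP passes through untouched, as the earlier post asked for, tightens the FORWARD policy the post says should be tightened, and includes the ip_forward sysctl. Interface names, addresses and the admin port are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the thread's own script). All values below are constructed
# placeholders; adjust them to your network before applying.
LAN_IF=eth0            # public side; carries the mail server's old address
MAIL_IF=eth1           # private side towards the mail server
ARCH_IP=192.0.2.10     # y.y.y.y: eth0 address of the Arch box (the old mail server IP)
MAIL_NEW_IP=10.99.0.2  # x.x.x.x: the mail server's new address behind eth1
ADMIN_PORT=22          # port reached on the Arch box itself, never forwarded

# Print the ruleset for the given parameters so it can be reviewed before use.
# Arguments: lan_if mail_if arch_ip mail_new_ip admin_port
render_rules() {
    lan=$1; mail=$2; arch=$3; mailip=$4; admin=$5
    cat <<EOF
iptables -t nat -F
iptables -F FORWARD
# Rule 1: hand inbound SMTP from the LAN side to the local Postfix/DNSBL instance
iptables -t nat -A PREROUTING -i $lan -d $arch -p tcp --dport 25 -j REDIRECT --to-ports 25
# Rule 2 (generalised): every other TCP port except $admin, plus all non-TCP traffic
# (UDP, ICMP) sent to the old mail server IP, is forwarded to the mail server unchanged
iptables -t nat -A PREROUTING -i $lan -d $arch -p tcp ! --dport $admin -j DNAT --to-destination $mailip
iptables -t nat -A PREROUTING -i $lan -d $arch ! -p tcp -j DNAT --to-destination $mailip
# Rule 3: connections the mail server initiates still appear to come from its old address
iptables -t nat -A POSTROUTING -o $lan -s $mailip -j SNAT --to-source $arch
# Rule 4, tightened: forward only DNAT'd flows inbound and flows the mail server starts outbound
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $mail -d $mailip -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $mail -o $lan -s $mailip -m state --state NEW -j ACCEPT
# The kernel must route between the two cards (set net.ipv4.ip_forward=1 in /etc/sysctl.conf too)
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Apply the rendered ruleset; sh -e stops at the first iptables error.
apply_rules() {
    render_rules "$LAN_IF" "$MAIL_IF" "$ARCH_IP" "$MAIL_NEW_IP" "$ADMIN_PORT" | sh -e
}
```

Run `render_rules` first and read the output; ping and any UDP service on the old address will now answer from the mail server, while the admin port still reaches the Arch box itself.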
