[asterisk-users] OT: fail2ban, spam and mail servers

Randy R randulo2008 at gmail.com
Tue Jul 13 03:52:19 CDT 2010


Many of you are interested in and have used or recommended fail2ban
for your Linux boxes. I finally installed it on our FreeBSD server (no
Asterisk, hence the OT) with the help of a friend from the VoIP Users
Conference and Asterisk community.

After a lot of new learning about regex, I extended the actions and
filters to look at our mail server, plagued by spammers - who isn't?
Our server has a unique setup now. The customer found a spam filtering
service that works VERY well as the MX for the domain. Their server
then connects to ours to deliver. Obviously, the IPs of that service
are entered as RELAY in the sendmail config. Here is my question:

We are still getting a lot of direct spam. Being that only account
holders and the spam filtering servers should be connecting, I started
blocking various connections both in /etc/mail/access and in pf.
However, I soon saw that I'll need to block the entire Internet IP
space. Blocking by IP is a problem for a small number of nomad users
whose IP may just be in China, Russia or Argentina at some point.

I was thinking of closing port 25 and using an alternate port (587?)
setup if the spam service is able to connect to an alternate port.
That way, the users can also change their configs to 587 and most
spammers will be trying 25 which is closed.

Is this a tenable idea? What are your experiences and opinions?

tia

/r


