Simple tarpiting based on smtp errors using iptables


Simple tarpiting based on smtp errors using iptables

Georgy Goshin
Hi,

Looking for a simple solution that will place an iptables rule for an IP address
from which there were a lot of NOQUEUE errors and clear this ban after, for
example, 15 minutes. Are there any ready solutions for it?

Thanks,
G.


Re: Simple tarpiting based on smtp errors using iptables

Arne Hoffmann-2
Georgy Goshin wrote:
> Looking for a simple solution that will place an iptables rule for an IP address
> from which there were a lot of NOQUEUE errors and clear this ban after, for
> example, 15 minutes. Are there any ready solutions for it?

Yes, it's called fail2ban.

Re: Simple tarpiting based on smtp errors using iptables

Jorey Bump
In reply to this post by Georgy Goshin
Georgy Goshin wrote, at 06/07/2008 04:01 PM:

> Looking for a simple solution that will place an iptables rule for an IP
> address from which there were a lot of NOQUEUE errors and clear this ban after,
> for example, 15 minutes. Are there any ready solutions for it?

Nolisting requires little or no maintenance once configured:

  http://nolisting.org/

Selective Unlisting allows you to target specific problem networks and
block hosts that do not access your MX hosts in order (too aggressive to
apply globally):

  http://unlisting.org/selective.html

While these approaches do not specifically address NOQUEUE errors, they
are likely to prevent connections from many of the bad hosts that cause
them.

Blocking based on NOQUEUE errors is actually pretty dangerous, as it
would be trivial to DoS your site either remotely (for example, send to
an unknown user from a major ESP, like gmail) or locally (for example,
change your configuration by inserting a before queue filter). There are
many ways this could produce false positives.
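An added example, not code from the thread: it does in a few lines what Arne's fail2ban answer implies (count NOQUEUE rejects per client IP, ban after a threshold, expire the ban after 15 minutes) and includes the allow-list that Jorey's false-positive warning makes necessary. The log lines, the year (syslog omits it), the thresholds and the iptables rule shape are all assumptions of this example.

```python
# Added example (not from the thread): fail2ban-style counter over Postfix
# smtpd NOQUEUE rejects. A client IP is banned after `maxretry` rejects within
# `findtime`; the ban expires after `bantime` (15 minutes here).
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Client IP of a Postfix smtpd NOQUEUE reject line (syslog format).
NOQUEUE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[([\d.]+)\]")

def parse_ts(line, year):
    # Syslog timestamps carry no year, so the caller supplies it (assumption).
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def find_bans(lines, year, maxretry=5, findtime=timedelta(minutes=10),
              bantime=timedelta(minutes=15), ignore=()):
    """Return [(ip, ban_start, ban_end)]; `ignore` is the allow-list that keeps
    a big sender (one that rejects often because users mistype) out of the ban."""
    hits, bans, banned_until = defaultdict(list), [], {}
    for line in lines:
        m = NOQUEUE_RE.search(line)
        if not m or m.group(1) in ignore:    # not a reject, or allow-listed host
            continue
        ip, ts = m.group(1), parse_ts(line, year)
        if ip in banned_until and ts < banned_until[ip]:
            continue                          # already banned: nothing to do
        hits[ip] = [t for t in hits[ip] if ts - t <= findtime] + [ts]
        if len(hits[ip]) >= maxretry:         # threshold reached inside the window
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            hits[ip] = []
    return bans

def iptables_commands(bans):
    """(ban, unban) command pairs; a scheduler would run the -D at ban_end."""
    rule = "-s %s -p tcp --dport 25 -j DROP"
    return [(f"iptables -I INPUT {rule % ip}", f"iptables -D INPUT {rule % ip}")
            for ip, _, _ in bans]

# Constructed sample log (RFC 5737 documentation addresses, one line per minute).
SAMPLE_LOG = ["Jun  7 16:%02d:00 mx postfix/smtpd[4242]: NOQUEUE: reject: RCPT from "
              "unknown[192.0.2.10]: 550 5.1.1 <u%d@example.org>: Recipient address "
              "rejected: User unknown in local recipient table" % (i, i) for i in range(6)]
SAMPLE_LOG += ["Jun  7 16:%02d:00 mx postfix/smtpd[4243]: NOQUEUE: reject: RCPT from "
               "mail.example.net[203.0.113.5]: 550 5.1.1 <x@example.org>: Recipient "
               "address rejected: User unknown in local recipient table" % i for i in range(6)]
SAMPLE_LOG.append("Jun  7 16:07:00 mx postfix/smtpd[4244]: connect from unknown[198.51.100.7]")

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG, 2008, ignore={"203.0.113.5"}):
        print(ip, "banned", start.time(), "until", end.time())
```

Without the `ignore` entry the second host (standing in for a large provider whose users mistype addresses) is banned too, which is exactly the false positive Jorey describes.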