  #1  
Old 15th November 2007, 22:16
wpwood3 wpwood3 is offline
Prevent all mail going to domain?

I would like to stop all mail from going to one of my domains. This domain is purely a website and has no MX record.

The problem is that spammers are sending mail to the domain and it causes Spamassassin and Clamav to use system resources. Sometimes the spam makes it through and I get it via my catchall account.

Is there a way to quietly discard all mail sent to a domain or maybe block ports 25, 110 & 143 for a single domain?

Another option would be if I could block all incoming mail except from specific IP addresses. We have an external service that filters all of our incoming mail. We use their domain in our MX record already but it does not cover all of my domains.

Today my Postfix mailqueue went up to levels I have never seen and both Spamassassin and Clamav are going crazy using resources. It appears I am under some sort of DDOS attack via mail.
__________________
CentOS 5.4 64bit (the Perfect Setup)
ISPConfig 2.2.40
WP3 Photography

  #2  
Old 15th November 2007, 22:52
wpwood3 wpwood3 is offline
How do I do this?

Ok, I contacted my email filtering company and they told me what to do, but I don't know exactly how to implement their recommendations. I assume I need to change something in the iptables configuration but I'm not sure.

Here's what they told me to do:
-------------------------------

Locking Down your Mail Servers

In order to prevent senders from bypassing filtering by connecting directly to yoursite.com mail servers, it is recommended that the yoursite.com mail servers be locked down so that they only accept SMTP traffic from the filtering service mail servers. For your reference, the IP subnets currently hosting filtering service mail servers are listed below.

Filtering Service IP Subnets

Use One of the Approved Settings

Preferred Firewall IP Setting

208.65.144.0/21
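One way to implement the lock-down quoted in the post above with iptables, as an added example that is not part of the original thread: the script only prints the rules so they can be reviewed first. The chain name SMTP_FILTER is an assumption, and it assumes no other firewall manager rewrites the INPUT chain afterwards.

```shell
#!/bin/sh
# Added example: print iptables rules that accept inbound SMTP (tcp/25) only
# from the filtering service's subnets. Nothing is executed here.
CHAIN=SMTP_FILTER   # chain name is an assumption, not from the thread

# valid_cidr A.B.C.D/LEN -> status 0 if the argument is a well-formed IPv4 CIDR
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# smtp_lockdown_rules CIDR... -> prints the commands; refuses bad input
smtp_lockdown_rules() {
    [ $# -ge 1 ] || { echo "need at least one subnet" >&2; return 1; }
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    echo "iptables -A $CHAIN -i lo -j ACCEPT"      # local web apps can still send
    for net in "$@"; do
        echo "iptables -A $CHAIN -s $net -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"              # everyone else is discarded
    # The jump is added last so the chain is complete before traffic reaches it.
    echo "iptables -I INPUT -p tcp --dport 25 -j $CHAIN"
}

# Default to the subnet quoted in the post when no argument is given.
if [ $# -eq 0 ]; then set -- 208.65.144.0/21; fi
smtp_lockdown_rules "$@"
```

Review the printed commands, then run them as root. Mail clients that submit to this server on port 25 from other addresses are cut off by the same rules.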
  #3  
Old 15th November 2007, 23:03
smackYYZ smackYYZ is offline

I'm not aware how you can block smtp for only one domain in ISPconfig.

SPAM is a big issue with us also, what we do is run a mailproxy using qpsmtpd and point all of our MX records to it. We've worked on its configuration over the last year and have it blocking almost 98% of the spam before it hits our smtp server. Right now it is blocking about 40,000 spam messages a day.

Another idea would be if this domain is truly not to get ANY email, add an MX record for it and point it to one of your servers that has the SMTP port blocked.
  #4  
Old 15th November 2007, 23:20
wpwood3 wpwood3 is offline

Quote:
Originally Posted by smackYYZ
I'm not aware how you can block smtp for only one domain in ISPconfig.

SPAM is a big issue with us also, what we do is run a mailproxy using qpsmtpd and point all of our MX records to it. We've worked on its configuration over the last year and have it blocking almost 98% of the spam before it hits our smtp server. Right now it is blocking about 40,000 spam messages a day.

Another idea would be if this domain is truly not to get ANY email, add an MX record for it and point it to one of your servers that has the SMTP port blocked.

How did you prevent mail from reaching your mail servers without going through the proxy?
  #5  
Old 15th November 2007, 23:42
wpwood3 wpwood3 is offline

Ok, here's what I have done:

I added an MX record in the domain that should not be receiving mail.
That MX record points to my mail filtering service, which only accepts mail for one of my other domains.

The mail attack has stopped. I don't know if the MX record fixed the problem or the attackers just gave up!
  #6  
Old 15th November 2007, 23:47
smackYYZ smackYYZ is offline

The mail server is only used for email and nothing else. So we only have to tell the proxy server and internal servers that need to use it; they are the only ones that know the location of the mailserver.

So I have one ISPConfig server for hosting some of my small domains and a separate one which hosts just email for my larger sites. And by publishing an MX record for every domain and having them all point to the proxy, the spammers have a target which can handle them.

qpsmtpd is VERY configurable, and very resource light, and I keep it pretty simple. Running on a Celeron 700MHz, 256MB RAM, it never uses more than 70% CPU or uses swap. I don't do any user account validation, I let the smtpd server handle what gets through. I limit the number of connections from a single IP to 1, limit the number of concurrent connections to 20, a bunch of Perl plugins that do the RBL lookups and other filtering, then spamassassin and clamav.

What makes it through gets forwarded to the smtpd server and it likes it that way.
  #7  
Old 15th November 2007, 23:56
wpwood3 wpwood3 is offline

So it sounds like the only thing you had to do on your ISPConfig server was to create an MX record that points to your mail proxy?

That sounds like the same thing I just did a few moments ago. We use a company, MX Logic, to filter all of our incoming mail for viruses. They will only pass "clean" mail to our ISPConfig server that is addressed to specific email addresses. Everything else is filtered out and never reaches us. It does basically the same thing your proxy does.
  #8  
Old 16th November 2007, 00:50
wpwood3 wpwood3 is offline

If you look at the attached picture you can see the effect of the mail attack on my server load (circled in red). The attack lasted from about 3pm to 5pm today.

The spikes between 4am and 5am are from my normal cron backup procedures.