IPTABLES: Prevent a server from spamming out

Your server can be compromised and used to send spam email. If it's a cloud or dedicated server rented from a decent provider, they will notify you about it (I speak from experience here :-)).

Whether you want to prevent this or to block it once it is already happening, here are some simple iptables rules:

#!/bin/bash
# Author: Zoumana TRAORE zoumana.traore@africasys.com
# This program is under GPL v3 License
# Block outgoing email traffic except to your corporate or API hosts

#... All your other iptables policies & rules ...

# BLOCK OUTGOING EMAIL (avoid a spamming campaign from the server)
# Every rule is inserted at position 1, so the rules added last are evaluated first.
iptables -I OUTPUT 1 -p tcp --dport 25 -j REJECT
iptables -I OUTPUT 1 -p tcp --dport 587 -j REJECT
iptables -I OUTPUT 1 -p tcp --dport 2525 -j REJECT
iptables -I OUTPUT 1 -p tcp --dport 4065 -j REJECT
iptables -I OUTPUT 1 -p tcp --dport 25025 -j REJECT
# Inserted last, so these ACCEPT rules end up above the REJECT rules.
# They allow all TCP traffic to the listed hosts (replace them with your own mail hosts).
iptables -I OUTPUT 1 -p tcp -d smtp.arcep.bf -j ACCEPT
iptables -I OUTPUT 1 -p tcp -d mail.arcep.bf -j ACCEPT
iptables -I OUTPUT 1 -p tcp -d arcep.bf -j ACCEPT
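
The same policy built as a dedicated chain, as an added example that is not part of the original script: it limits the exception for the allowed hosts to the mail ports and logs the UID behind each blocked attempt. The chain name SMTP_OUT, the log prefix and the DRY_RUN switch are assumptions of this example; with DRY_RUN=1 (the default) it only prints the commands.

```bash
#!/bin/bash
# Added example, not the author's script. SMTP_OUT, the log prefix and
# DRY_RUN are names chosen for this example.
SMTP_PORTS="25,587,2525,4065,25025"            # ports blocked in the post
RELAYS="smtp.arcep.bf mail.arcep.bf arcep.bf"  # hosts allowed in the post

# With DRY_RUN=1 (the default) print each command instead of running it.
ipt() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_smtp_egress() {
    # Dedicated chain: rules are appended, so they are evaluated top to bottom.
    ipt -N SMTP_OUT || return 1
    for relay in $RELAYS; do
        # Hostnames are resolved once, when the rule is loaded.
        ipt -A SMTP_OUT -d "$relay" -j ACCEPT || return 1
    done
    # Rate-limited log entry; --log-uid records the UID of the local sender.
    ipt -A SMTP_OUT -m limit --limit 6/min -j LOG \
        --log-prefix "SMTP_OUT_BLOCKED " --log-uid || return 1
    # tcp-reset makes the blocked connection fail immediately.
    ipt -A SMTP_OUT -p tcp -j REJECT --reject-with tcp-reset || return 1
    # Only the mail ports are sent to the chain; other traffic to the
    # allowed hosts keeps following the rest of OUTPUT.
    ipt -I OUTPUT 1 -p tcp -m multiport --dports "$SMTP_PORTS" -j SMTP_OUT
}

apply_smtp_egress
```

Run it as root with DRY_RUN=0 to load the rules. iptables only filters IPv4, so a server with IPv6 connectivity needs the same rules loaded with ip6tables.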

You shouldn't consider these measures sufficient, though. In addition, you should think about installing:

An anti-malware tool such as malware-detect, and put it in cron for regular scans

0 0 */1 * * root /etc/init.d/malware-scaner.sh > /tmp/malware-scanner.log

http://www.rfxn.com/projects/linux-malware-detect/

A bandwidth monitoring tool such as bandwidthd to monitor your outgoing SMTP traffic

http://bandwidthd.sourceforge.net/
