* How can I ask IPTABLES to drop a packet based upon its content @ 2003-08-06 9:37 Deshwal Chand 2003-08-06 9:50 ` Eric Leblond 2003-08-06 12:53 ` Whit Blauvelt 0 siblings, 2 replies; 4+ messages in thread From: Deshwal Chand @ 2003-08-06 9:37 UTC (permalink / raw) To: Netfilter (E-mail) [-- Attachment #1: Type: text/plain, Size: 323 bytes --] Hi, I am running IPTABLES on Redhat 7.2 box. We are running a mail server behind this firewall. We receive lot of spam e-mails. Instead of investing into the anti-spam s/w, I want to configure the IPTABLES to read the contents on the packets and drop them based upon the filter defined. Any help ...... Regards, Chand [-- Attachment #2: Type: text/html, Size: 877 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: How can I ask IPTABLES to drop a packet based upon its content 2003-08-06 9:37 How can I ask IPTABLES to drop a packet based upon its content Deshwal Chand @ 2003-08-06 9:50 ` Eric Leblond 2003-08-06 12:53 ` Whit Blauvelt 1 sibling, 0 replies; 4+ messages in thread From: Eric Leblond @ 2003-08-06 9:50 UTC (permalink / raw) To: Netfilter (E-mail) [-- Attachment #1: Type: text/plain, Size: 547 bytes --] On Wed, 2003-08-06 at 11:37, Deshwal Chand wrote: > Hi, > > I am running IPTABLES on Redhat 7.2 box. We are running a mail server > behind this firewall. We receive lot of spam e-mails. Instead of > investing into the anti-spam s/w, I want to configure the IPTABLES to > read the contents on the packets and drop them based upon the filter > defined. You can use the the string module to do so (in POM) But a really better choice is to install a spam software like spamassassin. BR, -- Eric Leblond <eric@regit.org> Regit.org [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: How can I ask IPTABLES to drop a packet based upon its content 2003-08-06 9:37 How can I ask IPTABLES to drop a packet based upon its content Deshwal Chand 2003-08-06 9:50 ` Eric Leblond @ 2003-08-06 12:53 ` Whit Blauvelt 2003-08-06 18:01 ` Alistair Tonner 1 sibling, 1 reply; 4+ messages in thread From: Whit Blauvelt @ 2003-08-06 12:53 UTC (permalink / raw) To: Deshwal Chand; +Cc: Netfilter (E-mail) You might find it much easier, although still a lot of work, to install a relaying mail server on the firewall that uses SpamAssassin and Razor called from the MIMEDefang milter in sendmail. I've also seen a Webpage somewhere on doing this using Qmail and SpamAssassin (you might google for it). This is all free software - the only investment is your time. Asking iptables to do it is putting the load in the wrong place, and failing to take advantage of the work already done in using mail daemons for this task. Whit On Wed, Aug 06, 2003 at 03:07:31PM +0530, Deshwal Chand wrote: > Hi, > > I am running IPTABLES on Redhat 7.2 box. We are running a mail server behind > this firewall. We receive lot of spam e-mails. Instead of investing into the > anti-spam s/w, I want to configure the IPTABLES to read the contents on the > packets and drop them based upon the filter defined. > > Any help ...... > > > Regards, > > Chand ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: How can I ask IPTABLES to drop a packet based upon its content 2003-08-06 12:53 ` Whit Blauvelt @ 2003-08-06 18:01 ` Alistair Tonner 0 siblings, 0 replies; 4+ messages in thread From: Alistair Tonner @ 2003-08-06 18:01 UTC (permalink / raw) To: Whit Blauvelt, Deshwal Chand; +Cc: Netfilter (E-mail) On August 6, 2003 08:53 am, Whit Blauvelt wrote: > You might find it much easier, although still a lot of work, to install a > relaying mail server on the firewall that uses SpamAssassin and Razor > called from the MIMEDefang milter in sendmail. I've also seen a Webpage > somewhere on doing this using Qmail and SpamAssassin (you might google for > it). This is all free software - the only investment is your time. > > Asking iptables to do it is putting the load in the wrong place, and > failing to take advantage of the work already done in using mail daemons > for this task. > > Whit > > On Wed, Aug 06, 2003 at 03:07:31PM +0530, Deshwal Chand wrote: > > Hi, > > > > I am running IPTABLES on Redhat 7.2 box. We are running a mail server > > behind this firewall. We receive lot of spam e-mails. Instead of > > investing into the anti-spam s/w, I want to configure the IPTABLES to > > read the contents on the packets and drop them based upon the filter > > defined. > > > > Any help ...... > > > > > > Regards, > > > > Chand Although it was a LOT of work and fair trial for me, (not being a sendmail or QMail guru) I've got Qmail and spamassasin working using the spamassassin filtering for spam and an antivirus scanner working as well... this requires some serious CPU horsepower under load, but in many small business cases can be done with your average desktop class power. I haven't pushed the application yet, but I did grab about 350 mixed test mails and throw them at it once to see how long it would take to process. It loaded the box, and took about 8 minutes to process the works on an AMD 1500 cpu, 756Mb ram, IDE disks and about 75% of that was the time for the AV scanner to process several large zip files, which actually contained virus triggers (not real viruses, but code that should trigger virus scanners) The above has a $0 cost in terms of software code, but can be supported for a nominal fee if required. (and b-t-w it beat the daylights outta the MS implementation that work has.) I REALLY don't recommend using IPTABLES with string matching to try and replace spam filtering. You MIGHT consider using IPTABLES, and RTBH to filter based on ip addresses of known spammers, but I'm not sure that someone has come up with an effective manner of combining these tools yet. -- Alistair Tonner nerdnet.ca Senior Systems Analyst - RSS Any sufficiently advanced technology will have the appearance of magic. Lets get magical! ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-08-06 18:01 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2003-08-06 9:37 How can I ask IPTABLES to drop a packet based upon its content Deshwal Chand 2003-08-06 9:50 ` Eric Leblond 2003-08-06 12:53 ` Whit Blauvelt 2003-08-06 18:01 ` Alistair Tonner
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.