Slow down an email flood attack with IPtables

Sometimes we get sent loads of emails at once and I'd like to slow them right down so it doesn't ruin my mail servers.

Can IPtables do this?
Asked by:
poppy
1375 points
Category: Server Firewalls

Best Answer

Here's an IPtables rate limiting script for email. Just adjust the port number to rate limit any other port.

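# Limit the number of incoming port 25 tcp connections.
# --syn matches only the first packet of a new connection, so the limit
# counts connections and not every packet of a mail already in transfer.
# Packets of connections already accepted are left to the rest of the ruleset.

# Accept up to 100 new connections per minute (burst of 3)
iptables -A INPUT -p tcp --dport 25 --syn -m limit --limit 100/m --limit-burst 3 -j ACCEPT

# Log a rate-limited sample of the connections that went over the limit
iptables -A INPUT -p tcp --dport 25 --syn -m limit --limit 100/m --limit-burst 3 -j LOG --log-prefix SMTP-DROP:

# Drop every other new connection
iptables -A INPUT -p tcp --dport 25 --syn -j DROP

# Allow outgoing connections to port 25
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT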


You can also use the recent module in IPtables. Some distros (like Gentoo) won't include it by default (along with others): http://www.debian-administration.org/articles/187

Response by:
Trinity
2782 points
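
The limit rules in the answer share one allowance between all senders, while the recent module it mentions can count attempts per source address. The sketch below is an added example, not part of Trinity's answer: the function name, the list name smtp_flood, the SMTP-FLOOD: prefix and the 6/m log rate are assumptions chosen here, and it prints the rules unless IPT=iptables is set.

```shell
#!/bin/sh
# Per-source SMTP connection limit using the iptables "recent" module.
# Dry run by default (rules are printed); run with IPT=iptables as root to apply.
IPT=${IPT:-echo iptables}

# smtp_recent_limit PORT SECONDS HITCOUNT [LIST]
# Once one source address has made HITCOUNT connection attempts to PORT
# within SECONDS (the current attempt included), its attempts are logged
# and dropped. Other sources are not affected. Attempts that pass fall
# through to the rest of INPUT, so append these rules before any rule
# that accepts PORT. LIST is a list name chosen for this example.
smtp_recent_limit() {
    port=$1; secs=$2; hits=$3; list=${4:-smtp_flood}

    for v in "$port" "$secs" "$hits"; do
        case $v in
            ''|0|*[!0-9]*) echo "not a positive integer: '$v'" >&2; return 2 ;;
        esac
    done
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 2; }
    # xt_recent keeps 20 entries per address by default (ip_pkt_list_tot);
    # a hitcount above that is rejected or never matches.
    [ "$hits" -le 20 ] || { echo "hitcount $hits exceeds 20" >&2; return 2; }

    # Left unquoted below on purpose so each option becomes its own word.
    match="-p tcp --dport $port --syn -m recent --name $list"
    window="--rcheck --seconds $secs --hitcount $hits"

    # 1. Record the source address of every new connection attempt.
    $IPT -A INPUT $match --set || return 1
    # 2. Log sources over the limit, at most 6 log lines per minute.
    $IPT -A INPUT $match $window -m limit --limit 6/m \
        -j LOG --log-prefix SMTP-FLOOD: || return 1
    # 3. Drop every attempt from a source that is over the limit.
    $IPT -A INPUT $match $window -j DROP || return 1
}

# Example: the 10th attempt from one address within 60 seconds is dropped.
# smtp_recent_limit 25 60 10
```

Addresses currently tracked by the module can be read from /proc/net/xt_recent/smtp_flood once the rules are loaded.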

