Many of you are interested in and have used or recommended fail2ban for your Linux boxes. I finally installed it on our FreeBSD server (no Asterisk, hence the OT) with the help of a friend from the VoIP Users Conference and Asterisk community.

After a lot of new learning about regex, I extended the actions and filters to look at our mail server, plagued by spammers - who isn't? Our server has a unique setup now. The customer found a spam filtering service that works VERY well as the MX for the domain. Their server then connects to ours to deliver. Obviously, the IPs of that service are entered as RELAY in the sendmail config.

Here is my question: We are still getting a lot of direct spam. Being that only account holders and the spam filtering servers should be connecting, I started blocking various connections both in /etc/mail/access and in pf. However, I soon saw that I'll need to block the entire Internet IP space. Blocking by IP is a problem for a small number of nomad users whose IP may just be in China, Russia or Argentina at some point.

I was thinking of closing port 25 and using an alternate port (587?) setup if the spam service is able to connect to an alternate port. That way, the users can also change their configs to 587 and most spammers will be trying 25, which is closed.

Is this a tenable idea? What are your experiences and opinions?

tia
/r

--
asterisk-users mailing list
To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
