Tom, I'm not aware of a good way to do this in iptables. It really needs to be done by an SMTP service. Usually systems like this are fronted by a mechanism like amavisd that intercepts the SMTP traffic, filters it through various mechanisms (spamassassin et al) and finally hands it over to the real SMTP server. The load on some of those mechanisms can be pretty high and very susceptible to attacks.
You might consider one of two things:

1) Use a 3rd party filtering service and only accept SMTP traffic from their IP addresses (this usually gives you some buffering as well if you have an internet connection that goes down). Most are reasonably priced, typically a couple of $$ per mailbox.

2) Use a more full-featured firewall such as an Astaro gateway. These things are slick, but definitely cost more than free.

I don't see us adding this as a feature in AstLinux.

Darrick

-----Original Message-----
From: Tom Chadwin [mailto:nnpait.servi...@googlemail.com]
Sent: Wednesday, April 04, 2012 2:28 AM
To: 'AstLinux Users Mailing List'
Subject: [Astlinux-users] Incoming mail/spam

Hello all

As some of you might have gathered, I'm trying to find out whether we can replace our firewalls with AstLinux. Most features we need probably are present in Astlinux, with two notable exceptions.

Firstly, our current firewall is a web proxy and filter. I don't think this role will ever be fulfilled by AstLinux (though AIF's to-do lists it - http://rocky.eld.leidenuniv.nl/joomla/index.php?option=com_content&view=article&id=48&Itemid=79). I am therefore investigating OpenDNS as a potential filtering route.

However, the one remaining function for which our current firewall is invaluable is SMTP-level spam protection. We are currently only using two techniques available on the box (RBL and greylisting, no content scanning at all), but that is blocking around 45,000 spams a day, and letting in our approx. 1000 legit emails. These numbers show you how crucial this function is for us.

I've had a very quick look at Arno's Firewall, and can see no mention of these features. Is this something anyone has looked at? Or can anyone suggest an approach which might help us?

Many thanks as always

Tom

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications.
Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
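
The first option in the reply above (accept SMTP only from a filtering service's addresses) is the part that plain iptables can do. The following is an added example, not part of the original thread or of AstLinux; the relay ranges are documentation placeholders and the `SMTP_IN` chain name is made up for illustration.

```shell
#!/bin/sh
# Constructed sample: documentation ranges standing in for the relay
# addresses a filtering provider publishes (placeholders, not real values).
FILTER_RELAYS="192.0.2.0/24 198.51.100.16/28"

# Return 0 if $1 is a dotted-quad IPv4 address or CIDR block, 1 otherwise.
valid_cidr() {
    addr=${1%/*}
    case $1 in */*) mask=${1#*/} ;; *) mask=32 ;; esac
    case $mask in ''|*[!0-9]*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print iptables commands that accept TCP/25 only from the given relays and
# drop all other SMTP. $1 is the hook chain: INPUT when the MTA runs on the
# firewall itself, FORWARD when it sits behind it. SMTP_IN is a made-up name.
smtp_allowlist_rules() {
    hook=$1; chain=SMTP_IN
    case $hook in
        INPUT|FORWARD) shift ;;
        *) echo "bad hook chain" >&2; return 1 ;;
    esac
    [ $# -gt 0 ] || { echo "no relay addresses given" >&2; return 1; }
    # Validate everything first so a bad entry never yields a partial rule set.
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "bad address: $cidr" >&2; return 1; }
    done
    echo "iptables -N $chain"
    for cidr in "$@"; do
        echo "iptables -A $chain -s $cidr -j ACCEPT"
    done
    echo "iptables -A $chain -j DROP"
    # Hook the chain in last, so it is complete before traffic reaches it.
    echo "iptables -I $hook -p tcp --dport 25 -j $chain"
}

# Print the rules for review; nothing is applied to the running firewall.
smtp_allowlist_rules INPUT $FILTER_RELAYS
```

The MX records for the domain have to point at the filtering service for this to work, since direct deliveries to port 25 are dropped.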