mxallowd 1.8

mxallowd is a daemon for Linux/netfilter (using libipq) which implements a slightly improved nolisting mechanism. Basically, your nameserver has to be configured to return two MX IP addresses, of which one (the one with higher priority) does not run a mail server on port 25.

Most spammers try to connect directly to the first mailserver, and mxallowd blocks that. You have to connect to the first one and then to the second one; direct connections to the second one do not work. Real mailservers (not spammers) have to try all MX IP addresses in order (sorted by priority) until they succeed in delivering the mail.

The problem with nolisting is that some spammers try (probably because of the nolisting) to connect directly to the second MX ("direct-to-second-mx"). This is where mxallowd comes in: you cannot connect to the second mailserver either, unless you have tried connecting to the first mailserver before (you are whitelisted then).

This problem could also be solved using iptables with the module ipt_recent, if it wasn't for one little detail: some providers (for example Google Mail) use the same DNS name but different IP addresses when trying the mailservers in order. So ipt_recent, which works solely using IP addresses, does not let mails from Google Mail through. mxallowd, in contrast, whitelists all IP addresses of the DNS name (unless you specify the option --no-rdns-whitelist, of course).
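
The whitelisting rule described above, as a small Python model (an added example, not mxallowd's own code). The addresses, the name out.mail.example, the reverse-then-forward lookup and the ACCEPT/DROP verdict names are assumptions made for illustration.

```python
# Model of the policy described above. All addresses and names are
# constructed (RFC 5737 documentation ranges); nothing here is mxallowd code.
FAKE_MX = "192.0.2.1"   # higher-priority MX, no mail server on port 25
REAL_MX = "192.0.2.2"   # lower-priority MX that actually accepts mail

# Constructed DNS data: one sender name backed by two outbound addresses.
PTR = {"198.51.100.10": "out.mail.example", "198.51.100.11": "out.mail.example"}
A = {"out.mail.example": {"198.51.100.10", "198.51.100.11"}}


class Policy:
    def __init__(self, rdns_whitelist=True):
        self.rdns_whitelist = rdns_whitelist  # False models --no-rdns-whitelist
        self.whitelist = set()

    def _related(self, src):
        """src plus every address of its reverse-DNS name (assumed lookup order)."""
        addrs = {src}
        name = PTR.get(src)
        if self.rdns_whitelist and name:
            addrs |= A.get(name, set())
        return addrs

    def verdict(self, src, dst):
        """Return 'ACCEPT' or 'DROP' for a new TCP/25 connection from src to dst."""
        if dst == FAKE_MX:
            # Attempt on the first MX: remember the sender; nothing listens here.
            self.whitelist |= self._related(src)
            return "DROP"
        if dst == REAL_MX and src in self.whitelist:
            return "ACCEPT"
        return "DROP"  # direct-to-second-mx without a prior first-MX attempt


def replay(policy, connections):
    """Feed (src, dst) pairs through the policy in order and collect verdicts."""
    return [policy.verdict(src, dst) for src, dst in connections]


# Constructed traffic: a direct-to-second-mx attempt, then a provider that
# tries the first MX from one address and the second MX from another.
TRAFFIC = [
    ("203.0.113.7", REAL_MX),
    ("198.51.100.10", FAKE_MX),
    ("198.51.100.11", REAL_MX),
]

if __name__ == "__main__":
    print("rDNS whitelist:", replay(Policy(True), TRAFFIC))
    print("IP only       :", replay(Policy(False), TRAFFIC))
```

With the IP-only policy the provider's second connection is dropped, which is the ipt_recent failure described above; with rDNS whitelisting it is accepted.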

Setup

In order to let mxallowd handle the connections, one has to add the following iptables rule:

iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j QUEUE

If inserting this rule fails, you have to insert the queue module into the kernel using modprobe ip_queue.

You can of course modify this rule to handle, for example, only certain IP addresses, or to accept connections from certain IP addresses (whitelisting; use -j ACCEPT at the end of the rule).

last updated on: September 22nd, 2009, 4:10 GMT
price: FREE!
developed by: Michael Stapelberg
homepage: michael.stapelberg.de
license type: GPL (GNU General Public License)

What's New in version 1.7
  • mxallowd is now correctly started in the background.
  • The pidfile is written correctly (using O_TRUNC).