Saturday, July 8, 2017

email - How to block IP addresses from port 25

PROBLEM: Users are getting 15-20 SPAM emails per hour, even with SpamAssassin set to its most aggressive settings.



SOLUTION: SPAM filtering services are available from companies like McAfee (Intel). These services work by changing the domain MX record to point to the McAfee servers; McAfee filters the email and returns it to our HostGator private server on port 25.




NEW PROBLEM: Spammers are ignoring our MX records and delivering email directly to port 25 of our domain host (e.g. yourdomain.com) … so SpamAssassin is useless and we can’t use an outside Spam Service. If we can’t fix this we will be forced to move all the domains on our Private Server to a GoDaddy Exchange Server (Exchange implements the solution proposed below).



PLATFORM: I'm using a dedicated server that I lease through HostGator. The server is running CentOS with a WHM / cPanel setup. I'm hoping to find some sort of script / plugin that will allow me to block all IP addresses (except ones that I choose to allow) from port 25 on SOME domains but not all domains (since some users aren't using McAfee as a 3rd party solution).



PROPOSED SOLUTION: McAfee recommends that participating domains (not all domains will use an external SPAM service) deny SMTP access to all mail servers (clients can still access via SMTP AUTH) … EXCEPT for an ALLOW block containing IP Addresses of authorized McAfee servers. This is evidently the solution Exchange uses.



QUESTION: Is there a way to do this? HostGator has been ZERO help to me whatsoever. They just keep telling me to use SpamAssassin, which I don't want to use.



I guess I'm just perplexed by this. I can't be the ONLY person experiencing this issue, yet no matter how much I Google it there doesn't seem to be any clear-cut answer. Spammers are bypassing my MX records (which are pointed to McAfee spam solutions) and therefore avoiding the spam filters altogether, hence blowing up my inbox with all this spam. As I understand it, Exchange servers work by denying ALL IPs on port 25 except for the IPs of the third party spam solution. Now I know I don't have an Exchange server, but isn't there an easy way to do this on my server?
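
The PROPOSED SOLUTION above, sketched as an added example that is not part of the original post: the recipient domain is only known at RCPT TO, so the per-domain decision is made there rather than when the connection to port 25 opens. The domain names and IP ranges are constructed placeholders (documentation ranges, not McAfee's), and `check_rcpt` is a hypothetical function, not part of any mail server.

```python
import ipaddress

# Constructed sample policy: domains enrolled in the external filter, and the
# filter's delivery ranges (RFC 5737 documentation addresses, not McAfee's).
FILTERED_DOMAINS = {"filtered.example"}
GATEWAY_NETS = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.16/28")]


def rcpt_domain(address):
    """Return the lower-cased domain of an SMTP recipient address."""
    return address.strip("<> ").rpartition("@")[2].lower()


def from_gateway(client_ip):
    """True if the connecting IP is inside one of the allowed gateway ranges."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # an unparsable peer address is never treated as allowed
    return any(ip in net for net in GATEWAY_NETS)


def check_rcpt(client_ip, authenticated, recipient):
    """Decide one RCPT TO command: returns (accepted, smtp_reply)."""
    domain = rcpt_domain(recipient)
    if domain not in FILTERED_DOMAINS:
        return True, "250 OK"   # domain not enrolled: behaviour unchanged
    if authenticated:
        return True, "250 OK"   # SMTP AUTH clients may still submit
    if from_gateway(client_ip):
        return True, "250 OK"   # mail that came through the MX filter
    return False, "550 5.7.1 Mail for %s must be sent via its MX" % domain


# Constructed sessions: (peer IP, authenticated?, RCPT TO address)
SESSIONS = [
    ("192.0.2.25", False, "<bob@filtered.example>"),     # filter gateway
    ("203.0.113.9", False, "<bob@Filtered.Example>"),    # direct-to-host sender
    ("203.0.113.9", True, "<bob@filtered.example>"),     # authenticated client
    ("203.0.113.9", False, "<amy@unfiltered.example>"),  # domain not enrolled
]

if __name__ == "__main__":
    for peer, authed, rcpt in SESSIONS:
        print(peer, authed, rcpt, "->", check_rcpt(peer, authed, rcpt)[1])
```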
