Blocking OutGoing Mail
Hi.
I currently have an OpenVPN server running on a VPS that I share with a few friends so we can stream Netflix without being throttled by our ISPs.
One of my users' PCs was infected and was sending spam mails, so the VPS host suspended it.
They gave it back to me after I told them they can wipe it.
My question is: will the following iptables rules block all outgoing mail, so even if a PC is infected in the future it won't be able to send spam mails?
These are common mail ports:
iptables -A OUTPUT -p tcp --dport 25 -j REJECT
iptables -A OUTPUT -p tcp --dport 587 -j REJECT
iptables -A OUTPUT -p tcp --dport 465 -j REJECT
iptables -A OUTPUT -p tcp --dport 2526 -j REJECT
iptables -A OUTPUT -p tcp --dport 110 -j REJECT
iptables -A OUTPUT -p tcp --dport 143 -j REJECT
iptables -A OUTPUT -p tcp --dport 993 -j REJECT
Comments
Yes, I use this on my free webhosting server and no emails have been delivered!
Thanks
Why not block all ports except the ones you need? There is more that can go wrong, except for e-mail.
The only iptables rule that prevents direct outbound email in that list is the first. The next two prevent common relay ports, which can help. 2526 isn't so common of a relay port, and the rest only affect POP/IMAP, which cannot be used for mail delivery in any way.
What would be the best way to do that?
iptables -A OUTPUT -j DROP
Why don't you route only the Netflix IP addresses to go through the VPN?
Yes, and then allow the ports you want.
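Added example, not written by any poster in this thread: on a VPN server, packets from connected clients are forwarded rather than generated locally, so they traverse the FORWARD chain and never hit rules appended to OUTPUT. The script below audits `iptables-save` text for REJECT/DROP coverage of the SMTP ports (25, 465, 587) in both chains and prints the rules that would close each gap; the sample ruleset and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the first three rules from the thread, in the form
# `iptables-save` prints them. No FORWARD rules exist.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 587 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 465 -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# Read iptables-save text on stdin; print CHAIN:PORT for each SMTP port
# (25, 465, 587) with no tcp REJECT/DROP rule in OUTPUT or FORWARD.
# Limits: ignores rule order, port ranges, blanket rules and -s/-d/-i/-o scoping.
smtp_egress_gaps() {
    awk '
    $1 == "-A" && ($2 == "OUTPUT" || $2 == "FORWARD") {
        proto = ""; target = ""; ports = ""; negated = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") negated = 1
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        }
        if (negated || proto != "tcp" || ports == "") next
        if (target != "REJECT" && target != "DROP") next
        n = split(ports, list, ",")
        for (k = 1; k <= n; k++) blocked[$2 ":" list[k]] = 1
    }
    END {
        nc = split("OUTPUT FORWARD", chains, " ")
        np = split("25 465 587", smtp, " ")
        for (c = 1; c <= nc; c++)
            for (p = 1; p <= np; p++) {
                key = chains[c] ":" smtp[p]
                if (!(key in blocked)) print key
            }
    }'
}

# Turn CHAIN:PORT lines into rules inserted at the top of the chain.
# The rules are only printed for review, never applied.
gaps_to_rules() {
    while IFS=: read -r chain port; do
        echo "iptables -I $chain -p tcp --dport $port -j REJECT"
    done
}

printf '%s\n' "$SAMPLE_RULES" | smtp_egress_gaps | gaps_to_rules
```

On a live server, feed it the output of `iptables-save` instead of the sample. The suggested rules use `-I` so they land ahead of any existing ACCEPT rule in the chain.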