
Logging Outbound SMTP Traffic Using iptables

iptables -I OUTPUT -p tcp --dport 25 -o eth0 -j LOG --log-level info --log-prefix 'iptables smtp: '

If this is a defensive setting – monitoring for a host being used as a spam bot, for example – you may want to consider rate-limiting outbound SMTP traffic first, to prevent your log partition from being filled (and limit the damage done by a compromised host in the first place):

iptables -I OUTPUT -p tcp --dport 25 -o eth0 -m state --state NEW -m limit --limit 1/minute --limit-burst 2 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -o eth0 -m state --state NEW -j DROP
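
Added example (not part of the original post): a shell filter for reading what the LOG rule above writes. That rule has no state match, so it logs every packet sent to port 25; the filter therefore counts only SYN-without-ACK lines, one per connection attempt, grouped by destination. The function names, the threshold argument and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Count new outbound SMTP connection attempts per destination from kernel
# log lines on stdin. Output: "<count> <destination>", busiest first.
smtp_syn_summary() {
    awk '
        # Keep only lines written with --log-prefix "iptables smtp: ".
        index($0, "iptables smtp: ") == 0 { next }
        {
            dst = ""; syn = 0; ack = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i == "SYN") syn = 1
                else if ($i == "ACK") ack = 1
            }
            # SYN without ACK is a connection attempt; later packets of the
            # same session are logged too and are skipped here.
            if (dst != "" && syn && !ack) count[dst]++
        }
        END { for (d in count) print count[d], d }
    ' | sort -k1,1nr -k2,2
}

# Print destinations with at least $1 attempts (hypothetical threshold).
smtp_noisy_destinations() {
    smtp_syn_summary | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample log lines (documentation address ranges).
sample_log() {
    cat <<'EOF'
Jan 12 10:00:01 host kernel: iptables smtp: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:00:01 host kernel: iptables smtp: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=229 RES=0x00 ACK URGP=0
Jan 12 10:00:02 host kernel: iptables smtp: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40002 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:00:03 host sshd[812]: Accepted publickey for admin from 192.0.2.99 port 50522 ssh2
Jan 12 10:00:04 host kernel: iptables smtp: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=40003 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:00:05 host kernel: iptables smtp: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=TCP SPT=40002 DPT=25 WINDOW=229 RES=0x00 ACK PSH URGP=0
Jan 12 10:00:06 host kernel: iptables smtp: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6 DF PROTO=TCP SPT=40004 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

sample_log | smtp_syn_summary
```

On a live host, pipe the kernel log into `smtp_syn_summary` in place of `sample_log`.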
