Skip to content

port

MailCleaner Spam Filter – How To Open a Port & Add IPTables Firewall Rules

MailCleaner is a nice Open Source Linux distribution that creates a spam filter appliance. It is designed to sit in between an email server and the internet and filter spam out of email using advanced rules, DNS RBL (realtime black list), and many other techniques. It also scans email for viruses. Although I no longer use MailCleaner (I have replaced it with ScrollOut F1), I remember coming across a big issue in the past that took me some time to figure out, so I thought I would share it.

Because MailCleaner is more or less an appliance, most aspects of the operating system are controlled by MailCleaner. A majority of the settings you need to change are easily available on the web interface, however firewall rules are not. MailCleaner is designed so that it manages all IPTables rules. If you manually add an IPTables rule from the command line, once it’s reloaded or the system is reboot, the rule is gone. That is because MailCleaner wipes out and reloads IPTables rules from data stored in its MySQL database. So, in order to open any additional ports, you must modify the database. I encountered this dilemma when I installed a remote monitoring client (the Nagios based Check_MK to be exact), and needed to open a port to allow the monitoring server to connect.

Lets assume I need to open up SSH (port 22) and RSYNC (port 873) and I only want my mail server’s IP, 1.2.3.4, to connect. Normally we would enter the following iptables commands:

sudo iptables -A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 873 -j ACCEPT
sudo iptables -A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 22 -j ACCEPT

But in this case, we cannot. The good news is the MailCleaner will do it for you if you add the correct info into the MySQL database. Here’s how you do that (from a command prompt on the MailCleaner server):

Click Here To Read The Entire Tutorial!

How to install Fail2Ban on CentOS 7 – Step by Step Guide

This is a how to on installing Fail2Ban on CentOS 7.  Fail2Ban is an incredibly useful, and often necessary, package that will automatically block IP addresses attempting to brute-force attack your server(s). For instance, with Fail2Ban installed, if an IP address attempts to brute-force login user “root” on your server, one a certain number of attempted logins is reached within a designated time period, it will automatically insert an IPtables rule into your firewall to block all access from that IP address for a specified period of time. Of course, you set all of these variables in the configuration file, which I’ll go into later on. I have yet to have a public facing server be online more than a day before a brute force attack of some sort is encountered. The best practice is to use secure passwords, with upper case, lower case, numbers and a few symbols. Never use dictionary based passwords. With effective, secure passwords it would take a very, very long time to gain access to a server by means of brute force, but it is possible. Regardless, it’s best to block these attacks from the beginning. It is all automated with Fail2Ban.

This guide assumes you have a CentOS 7 installation and have ran yum update.  It requires you have root SSH access to the server.

First, you need to install the EPEL repository.  Fail2Ban is not available from CentOS, with the available repositories.

cd /tmp

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/epel-release-7-5.noarch.rpm

Click here to keep reading this post