Mxallowd is a Linux/netfilter daemon that uses libipq to provide a better nolisting mechanism. It implements an optimized approach to IP address filtering for Linux mail servers.
One problem with nolisting is that some spammers attempt to connect directly to the second MX. Mxallowd prevents this by requiring that clients connect to the first mailserver before they may connect to the second. Real mailservers aren't affected, as they'll always try all IP addresses in order until they're successful, while spammers that go straight to the second MX are unable to connect.
While this issue could be solved with iptables and ipt_recent, which tracks individual source addresses, that wouldn't work for providers like Google Mail, whose DNS name resolves to several different IP addresses. Mxallowd whitelists all IP addresses associated with the DNS name; certain IPs can be excluded using the --no-rdns-whitelist option.
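The accept/drop decision described above can be modelled in a few lines of C. This is an added example, not mxallowd's own code: the addresses, the one-hour lifetime, the POOL table standing in for DNS lookups and the rdns parameter are all assumptions made for illustration, and the first MX is assumed to refuse every connection, as nolisting implies.

```c
#include <stdio.h>
#include <string.h>

#define TTL 3600                      /* assumed whitelist lifetime, seconds */
#define MAX_WL 32
static const char *FIRST_MX  = "192.0.2.1";   /* constructed addresses */
static const char *SECOND_MX = "192.0.2.2";
/* Constructed stand-in for DNS: three sender addresses behind one name. */
static const char *POOL[] = { "198.51.100.10", "198.51.100.11", "198.51.100.12" };
#define NPOOL (sizeof POOL / sizeof *POOL)

static struct { char ip[16]; long expires; } wl[MAX_WL];
static int used;

static void wl_add(const char *ip, long now) {
    for (int i = 0; i < used; i++)
        if (strcmp(wl[i].ip, ip) == 0) { wl[i].expires = now + TTL; return; }
    if (used < MAX_WL) {
        strncpy(wl[used].ip, ip, sizeof wl[used].ip - 1);
        wl[used++].expires = now + TTL;
    }
}

static int wl_has(const char *ip, long now) {
    for (int i = 0; i < used; i++)
        if (strcmp(wl[i].ip, ip) == 0) return wl[i].expires > now;
    return 0;
}

/* Verdict for one NEW connection to port 25: 1 = accept, 0 = drop. */
int verdict(const char *src, const char *dst, long now, int rdns) {
    if (strcmp(dst, FIRST_MX) == 0) {
        wl_add(src, now);                     /* client tried the first MX */
        for (size_t i = 0; rdns && i < NPOOL; i++)
            if (strcmp(POOL[i], src) == 0)    /* src belongs to the shared name */
                for (size_t j = 0; j < NPOOL; j++) wl_add(POOL[j], now);
        return 0;                             /* nolisting: first MX takes no mail */
    }
    if (strcmp(dst, SECOND_MX) == 0)
        return wl_has(src, now);              /* only after a first-MX attempt */
    return 1;                                 /* other destinations: not filtered */
}

int main(void) {
    printf("direct to second MX: %d\n", verdict("203.0.113.5", SECOND_MX, 0, 1));
    verdict("198.51.100.10", FIRST_MX, 10, 1);
    printf("retry from sibling:  %d\n", verdict("198.51.100.12", SECOND_MX, 20, 1));
    return 0;
}
```

With rdns set to 0 the model behaves like a per-address tracker: the retry from the sibling address is dropped, which is the limitation the paragraph attributes to the ipt_recent approach.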
To set up mxallowd, simply add the following iptables rule:

    iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j QUEUE

If this fails, you may need to load the queue module into your kernel using modprobe ip_queue. You can modify the rule to handle only certain IPs, or accept connections from specific IPs by adding -j ACCEPT at the end. Overall, mxallowd is a great solution for improving your nolisting mechanism and reducing spam on your mail server.
Version 1.8: N/A