Wednesday, December 5, 2012

Bulk email, SMTP Outgoing IP Rotator using iptables

 

I have 5 public IPs. I'm going to configure them so that Postfix can use multiple interfaces/IPs for outgoing SMTP connections.

First we need to create interface aliases for those 5 public IPs.

 

# cd /etc/sysconfig/network-scripts/
# cp ifcfg-eth0 ifcfg-eth0:1
Edit ifcfg-eth0:1
 
# vi ifcfg-eth0\:1
 
DEVICE=eth0 <-- default device
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=202.XXX.XX.2 <-- default eth0 IP address
PREFIX=24
GATEWAY=202.XXX.XX.1
DNS1=202.XXX.XX.XX
Change the DEVICE and IPADDR parameters:
 
DEVICE=eth0:1 <-- device alias #1
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=202.XXX.XX.3 <-- IP alias #1
PREFIX=24
GATEWAY=202.XXX.XX.1
DNS1=202.XXX.XX.XX
 
Continue with the remaining interface aliases in the same way as above.
When that is done, bring the IP aliases up.


#ifup eth0:1
#ifup eth0:2
#ifup eth0:3
#ifup eth0:4
......
next interfaces
 
#ifconfig
eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX 
          inet addr:202.XXX.XX.2  Bcast:202.XXX.XX.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb0:e91/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:598678 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26348 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:49088016 (46.8 MiB)  TX bytes:7707579 (7.3 MiB)
 
eth0:1    Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX 
          inet addr:202.XXX.XX.3  Bcast:202.XXX.XX.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 
eth0:2    Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX 
          inet addr:202.XXX.XX.4  Bcast:202.XXX.XX.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 
eth0:3    Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX 
          inet addr:202.XXX.XX.5  Bcast:202.XXX.XX.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 
......
and so on
No particular configuration needs to be adjusted in Postfix.
Now the iptables part. Make sure your iptables supports the statistic match module:
# iptables -m statistic -h
......
......
......
statistic match options:
 --mode mode                    Match mode (random, nth)
 random mode:
 --probability p                 Probability
 nth mode:
 --every n                       Match every nth packet
 --packet p                      Initial counter value (0 <= p <= n-1, default 0)

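Next, continue with the iptables rules for rotating the source IP addresses.

Each statistic rule keeps its own counter and only counts the packets that actually reach it, so a packet already matched by an earlier rule is never seen by the later ones. For an even split, the --every value therefore has to shrink by one for each rule further down the chain, and the last rule evaluated takes whatever is left. Because -I inserts at the top of the chain, the last command entered below is the first rule evaluated.

# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -j SNAT --to-source 202.XXX.XX.2
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 2 -j SNAT --to-source 202.XXX.XX.3
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 3 -j SNAT --to-source 202.XXX.XX.4
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 4 -j SNAT --to-source 202.XXX.XX.5
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.6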
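
How a chain of nth rules divides new connections can be checked without touching a live firewall. The script below is an added example, not part of the original post: it models five rules in evaluation order, once with --every 5 on every rule and once with descending values 5, 4, 3, 2, 1. The helper name simulate_chain, the connection count 3125 and the simplified counter model (first packet a rule sees matches, then every nth) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): model of a chain of
# "-m statistic --mode nth" rules. simulate_chain is a hypothetical helper.
#
# $1: --every value of each rule, in the order the chain is evaluated
#     (1 stands for a rule that matches every packet it sees)
# $2: number of new connections pushed through the chain (constructed input)
# Prints hits per rule in chain order, then the count that matched no rule.
simulate_chain() {
    awk -v everies="$1" -v total="$2" 'BEGIN {
        n = split(everies, every, " ")
        miss = 0
        for (p = 0; p < total; p++) {
            matched = 0
            for (i = 1; i <= n && !matched; i++) {
                # Each rule owns a private counter that advances only for
                # packets reaching it; with the default --packet 0 the
                # first packet a rule sees is a match.
                if (seen[i] % every[i] == 0) { hits[i]++; matched = 1 }
                seen[i]++
            }
            if (!matched) miss++
        }
        out = ""
        for (i = 1; i <= n; i++) out = out (hits[i] + 0) " "
        print out miss
    }'
}

echo "every 5 on all rules: $(simulate_chain "5 5 5 5 5" 3125)"
echo "every 5,4,3,2,1:      $(simulate_chain "5 4 3 2 1" 3125)"
```

With --every 5 on all five rules, 1024 of the 3125 connections match no rule at all and leave without SNAT, using whatever source address the kernel selects; the descending values give each address exactly 625.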

 
 
 
