Security

Investigating outgoing spam issues on Plesk servers

Use the modified qmHandle's qmHandle -tt to see the top senders/recipients. Then open one of the spam messages and look at its Received line, which will show either a UID or that the message was received from the network. If it shows a UID, the spam is coming from a compromised script.

Forcing traffic to come from a specific IP

Sometimes it is desirable to force certain types of traffic, or services which may not allow configuration of such settings, to use a specific IP address. Fortunately, iptables can do this easily. A couple of examples:

Make all outgoing traffic on eth0 come from 127.23.0.4:

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 127.23.0.4

Or, for a more specific example, make all outgoing SMTP connections come from 127.23.0.4:

    iptables -t nat -A POSTROUTING -p tcp ! -s 127.0.0.1 --dport 25 -j SNAT --to-source 127.23.0.4

Brute-force login prevention via pam_abl

pam_abl (the pam auto blacklist module) is a great way to protect against brute-force attacks. It works by keeping track of failed login attempts and blacklisting hosts (and/or users) that exceed a specified number of failed logins.

Port forwarding

To set up port forwarding with iptables, you can use the following (for forwarding one TCP port to another):

    iptables -t nat -A PREROUTING -p tcp --dport [port to forward] -j DNAT --to [destination ip]:[destination port]

For example, to forward from port 26 to port 25 (a fairly common practice) on 192.168.1.37 you'd use:

    iptables -t nat -A PREROUTING -p tcp --dport 26 -j DNAT --to 192.168.1.37:25

Note that this rule is added to the nat table, so it won't show up in a standard iptables -L -v, and iptables -F won't clear it (you'll need to use iptables -t nat -L -v / iptables -t nat -F).
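For the outgoing-spam investigation described at the top of this page, the Received-line check can be run across many messages at once. The script below is an added example, not part of the original page or of qmHandle; the function names and the sample messages are constructed, and it assumes qmail's usual "(qmail <pid> invoked by uid <N>)" / "(qmail <pid> invoked from network)" header form.

```shell
#!/bin/sh
# Added example: classify qmail messages by how they entered the local queue.

# origin_of FILE -> prints "uid <N>", "network" or "other" for one message.
# Only the first "(qmail <pid> invoked ...)" line in the header block counts:
# the local qmail-queue wrote it; lower ones come from earlier hops, and
# anything after the first blank line is body text the sender controls.
origin_of() {
    awk '
        /^$/ { exit }
        /^Received: \(qmail [0-9]+ invoked / {
            found = 1
            if (match($0, /invoked by uid [0-9]+/)) {
                print "uid " substr($0, RSTART + 15, RLENGTH - 15)
            } else if ($0 ~ /invoked from network/) {
                print "network"
            } else {
                print "other"    # e.g. alias or bounce
            }
            exit
        }
        END { if (!found) print "other" }
    ' "$1"
}

# tally_origins FILE... -> "<count> <origin>" lines, most frequent first.
tally_origins() {
    for f in "$@"; do origin_of "$f"; done |
        sort | uniq -c | sort -rn | awk '{ $1 = $1; print }'
}

# make_samples DIR: write four constructed messages (not real queue data).
make_samples() {
    printf '%s\n' 'Received: (qmail 4021 invoked by uid 10003); 12 Mar 2010 10:00:01 -0000' \
        'Subject: a' '' 'body' > "$1/m1"
    printf '%s\n' 'Received: (qmail 4022 invoked by uid 10003); 12 Mar 2010 10:00:02 -0000' \
        'Subject: b' '' 'body' > "$1/m2"
    printf '%s\n' 'Received: (qmail 4100 invoked from network); 12 Mar 2010 10:00:05 -0000' \
        'Received: (qmail 777 invoked by uid 500); 12 Mar 2010 09:59:58 -0000' \
        'Subject: c' '' 'body' > "$1/m3"
    printf '%s\n' 'Subject: d' '' \
        'Received: (qmail 1 invoked by uid 0); pasted into the body' > "$1/m4"
}

# Demo on the constructed samples; the first line printed is "2 uid 10003".
tmp=$(mktemp -d) && make_samples "$tmp" && tally_origins "$tmp"/*
rm -rf "$tmp"
```

On a live server the arguments would be the queued message files (stock qmail keeps them under /var/qmail/queue/mess/); a UID that dominates the tally can be resolved to an account with getent passwd followed by that UID.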