Gentoo Forums
iptables configuration for smtp allow?
Net_Spy
Apprentice
Joined: 29 Dec 2004
Posts: 170

Posted: Sun Feb 01, 2009 7:01 am    Post subject: iptables configuration for smtp allow?

Greetings...
I've just installed sendmail along with SpamAssassin, DCC and ClamAV, and followed a little tutorial on that so that I prevent my mail server from getting spam. Let me tell you that I don't have an MX record for my mail server; I just need to forward mails on the net.

I need a little assistance regarding iptables rules because I'm new to it. Here is my scenario: I have a text file which includes the IPs of those clients to whom I want to give access to SMTP:

10.10.10.30
10.10.10.56

The file contains IP addresses in the above format. Now all I want is to allow those clients via iptables, which reads the file, and also limit them to not send more than 25 mails per hour, and drop the remaining connections that are not in my list. eth0 is my WAN and eth1 is my LAN interface. Looking forward to your kind response.

Regards
Net_Spy
Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.

Posted: Sun Feb 01, 2009 7:46 am

How to get started with IPTables:
http://security.maruhn.com/

An IPTables primer:
http://www.higherpass.com/linux/Tutorials/Iptables-Primer/1/

A more in-depth IPTables tutorial:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html

IPSets might be useful in the scenario you describe:
http://ipset.netfilter.org/

The netfilter home page -- all kinds of knowledge waiting for your thirsty mind to soak it up like a sponge:
http://www.netfilter.org/

First of all, note that iptables is a "packet filter". It filters packets, not email messages. It doesn't understand the concept of a "mail message", so you can't easily use it to limit people to "25 mails per hour" (as far as I know). You can limit them to X connections per time period, or Y packets (or bytes) per time period. If you really need to limit the number of messages per hour, you should look into using something like procmail.
http://www.procmail.org/

If you do want to use iptables, I would advise you to think in broader terms about what your requirement really is. IPTables has a "limit" match, but to use it for your requirement, you'd have to write one rule per IP address. That's not what you had in mind, I'm sure. You can probably achieve something similar that will be much more efficient by using the "recent" match or the "quota" match (you can read about them in the references).

As to using a separate file, you can use something called "ipsets" that include all the ip addresses. They get stored in RAM very efficiently for extremely rapid processing. If you have a list of many ip addresses to compare to, this would be useful.

IPTables may not be the solution to your requirement. Packet filters aren't very efficient at discriminating automatically between individual remote systems. However, something that does work that way automatically is QoS (i.e. "traffic control", or "traffic shaping"). Traffic shaping, which is a function that involves iptables but happens outside of it, CAN discriminate between individual remote systems, and it even includes "fairness" algorithms (for example, stochastic fairness queuing), designed to ensure each system within a class of traffic gets a "fair" share of the bandwidth. It can also limit the rate of traffic from a given source. But again, we're talking about packets or connections here, not "mail messages". At any rate, I mention it because there is probably a way to use traffic shaping to achieve your requirement, although it would be something of a perversion of its intended function (which is to prioritize traffic and allocate bandwidth).

Bottom line: I would look into using procmail and similar tools. If there's not a canned function to handle what you want, you can easily write a script to do it.
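As an added illustration of the ipset plus "limit"-style approach the reply above sketches (this is example code written for this page, not something either poster provided), the script below turns a one-address-per-line allow-list like the one in the first post into ipset and iptables commands: listed LAN clients may open SMTP sessions to sendmail on this host, new connections per source are capped with the hashlimit match, and everything else to port 25 is dropped. It prints the commands instead of running them so the result can be reviewed without root and then piped to sh. The set name smtp_clients, the file name, and the interface names eth1 (LAN) and eth0 (WAN) are assumptions; as the reply notes, the cap counts TCP connections, not mail messages, so "25 per hour" is only an approximation that holds when each session carries one message.

```shell
#!/bin/sh
# Added example: build ipset/iptables commands from a plain-text allow-list.
# Assumptions: set name "smtp_clients", LAN interface eth1, sendmail listening
# locally on tcp/25. Nothing here is executed against the kernel; the output
# is meant to be reviewed and then piped to sh (as root) if it looks right.

# Constructed sample allow-list in the same format as the thread's file.
write_sample_list() {
    cat > "$1" <<'EOF'
10.10.10.30
10.10.10.56
EOF
}

# gen_smtp_rules LISTFILE [LAN_IF] [SETNAME] [CONNS_PER_HOUR]
# Prints the ipset and iptables commands for the given allow-list.
gen_smtp_rules() {
    list="$1"
    lan_if="${2:-eth1}"
    setname="${3:-smtp_clients}"
    per_hour="${4:-25}"

    # The set must exist before any rule references it; -exist makes this rerunnable.
    echo "ipset create $setname hash:ip -exist"
    echo "ipset flush $setname"

    # Keep only dotted-quad lines so blank lines or comments in the file are ignored.
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' "$list" | while read -r ip; do
        echo "ipset add $setname $ip -exist"
    done

    # 1. Listed clients exceeding CONNS_PER_HOUR new SMTP connections (tracked per
    #    source address by hashlimit) get their further connection attempts dropped.
    echo "iptables -A INPUT -i $lan_if -p tcp --dport 25 -m conntrack --ctstate NEW -m set --match-set $setname src -m hashlimit --hashlimit-name smtp --hashlimit-mode srcip --hashlimit-above ${per_hour}/hour -j DROP"
    # 2. Listed clients under the cap may talk to sendmail.
    echo "iptables -A INPUT -i $lan_if -p tcp --dport 25 -m set --match-set $setname src -j ACCEPT"
    # 3. Everyone else (unlisted LAN hosts and, since there is no MX record for
    #    this host, any WAN source on eth0) is dropped.
    echo "iptables -A INPUT -p tcp --dport 25 -j DROP"
}

# Demo: ./smtp_rules.sh --demo    (prints the commands for the constructed list)
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    write_sample_list "$tmp"
    gen_smtp_rules "$tmp" eth1 smtp_clients 25
    rm -f "$tmp"
fi
```

To apply for real: `gen_smtp_rules /etc/smtp_clients.txt eth1 | sh` as root, after checking the printed rules. Because the set is flushed and refilled, editing the text file and rerunning the script updates the allow-list without touching the iptables rules themselves, which is the point of keeping the addresses in an ipset rather than one rule per host.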
Net_Spy
Joined: 29 Dec 2004
Posts: 170

Posted: Sat Feb 07, 2009 7:33 am

I've added a few hosts for spam servers in my sendmail configuration. Here they are:
Code:

FEATURE(`dnsbl', `zen.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/"')
FEATURE(`dnsbl', `dul.dnsbl.sorbs.net', `"550 Mail from " $`'&{client_addr} " refused - see http://www.dul.dnsbl.sorbs.net/"')
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')


Are there any others? If so, kindly let me know. Looking forward to your kind response.

Regards

Net_Spy
Bones McCracker
Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.

Posted: Sat Feb 07, 2009 3:34 pm

http://spamlinks.net/filter-dnsbl-lists.htm