Limit SMTP connections for OpenVZ VPS

I’ve started renting out some OpenVZ VPSs for a few people and wanted to make sure that they couldn’t be used to send spam. One of the easiest ways to do this is just to limit the number of outbound SMTP connections allowed from the VPS using iptables.

I used the following iptables rules on the OpenVZ host node to accomplish this:

# Limit number of SMTP connections from Mail Server
iptables -A FORWARD -o eth0 -p tcp -s <ip address> --dport 25 -m limit --limit 3/minute -m state --state NEW -j ACCEPT
# iptables -A FORWARD -o eth0 -p tcp -s <ip address> --dport 25 -m state --state NEW -j LOG
iptables -A FORWARD -o eth0 -p tcp -s <ip address> --dport 25 -m state --state NEW -j DROP

The IP address is the IP address of the VPS. The optional log rule in the middle (that’s commented out) is useful when you are setting this up so you can check that packets are actually being affected by the rules.
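
With several VPSs on one host node, each address needs its own copy of the rules, because every limit rule keeps its own counter. The script below is an added example, not part of the original post: it goes beyond the single-address case and prints the same three rules for each address so they can be reviewed before being run. The function names, the OUT_IF, RATE and BURST variables and the sample addresses are assumptions; BURST is written out because the limit match lets an initial burst through (5 by default) before the per-minute rate applies.

```shell
#!/bin/sh
# Added example: print the post's rule set for each VPS address.
# OUT_IF, RATE and BURST are assumed names; the post uses eth0 and
# 3/minute and leaves the burst at the limit match's default of 5.
OUT_IF="${OUT_IF:-eth0}"
RATE="${RATE:-3/minute}"
BURST="${BURST:-5}"

# Return 0 only for a dotted-quad IPv4 address with octets 0-255, so that
# nothing else ends up inside a generated command line.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the three rules for one VPS; the LOG rule stays commented out,
# as in the post.
smtp_rules_for() {
    is_ipv4 "$1" || { echo "skipping invalid address: $1" >&2; return 1; }
    match="-o $OUT_IF -p tcp -s $1 --dport 25 -m state --state NEW"
    echo "iptables -A FORWARD $match -m limit --limit $RATE --limit-burst $BURST -j ACCEPT"
    echo "# iptables -A FORWARD $match -j LOG"
    echo "iptables -A FORWARD $match -j DROP"
}

# Print rules for every address given; the exit status is non-zero if any
# address was rejected.
smtp_rules() {
    status=0
    for ip in "$@"; do
        smtp_rules_for "$ip" || status=1
    done
    return "$status"
}

# Constructed sample addresses from the documentation range 192.0.2.0/24.
smtp_rules 192.0.2.10 192.0.2.11
```

The output can be checked by eye and then piped to sh as root on the host node; the ACCEPT rule must stay ahead of the DROP rule for each address.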