When it comes to China, there is this thing called the “Great Firewall”, which uses a number of different blocking methods (or attack vectors) to limit access to the internet for certain individuals in China. In this post I describe how to use them for our own wellbeing.
The methods range from simple ones, such as blocking access to certain servers by IP, to packet forging. These technologies are generally used for government censorship and for intelligence services.
If you’re a sysadmin, or you have any sort of server connected to the internet that you actively maintain, you have most likely compiled some statistics about brute-force attempts and the like from your log files (if you keep those). If so, you have most likely noticed that most of the malicious traffic comes from four major countries, which unsurprisingly are Russia, China, USA and France (thank you OVH).
One especially touchy subject in China at the time of writing this post is of course the Tiananmen Square protests, and almost always things related to Tibet.
So how can I benefit from this?
Censorship in the Great Firewall is based on human decisions, but it also does automatic censorship based on keywords. This means that we can trigger the firewall automatically by adding touchy keywords to traffic that leaves our servers. I’m giving you a demonstration on a Postfix MTA.
This logically gives you protection from malicious traffic (from China), since your public IP address will be on the firewall’s blocklist.
- Locate the main Postfix configuration file, or whichever of its files defines the smtpd_banner rule. This is the greeting your Postfix server gives when a client connects to it. It usually starts with “220 ….”, which states that the server is ready for exchange.
- Modify the rule to include touchy keywords and reload Postfix.
- See the traffic to your mail server drop and the greeting I use:
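An added example, not part of the original post and not the author's greeting: the three steps above as a POSIX shell script built on the standard `postconf` and `postfix` commands. `KEYWORDS` is a placeholder for your own text, and the `/etc/postfix` directory and the script name `banner.sh` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). KEYWORDS below is a placeholder.
CONF_DIR=${CONF_DIR:-/etc/postfix}   # assumption: default Postfix config directory

# Step 1: print file:line for every active smtpd_banner setting. A per-service
# "-o smtpd_banner=..." in master.cf overrides main.cf for that service.
find_banner_defs() {
    grep -n -E '^[^#]*smtpd_banner[[:space:]]*=' "$1/main.cf" "$1/master.cf"
}

# Step 2: build the parameter value. Postfix adds the "220 " code itself, and
# postconf(5) requires $myhostname at the start of the text. Only printable
# ASCII is accepted, so the value cannot span lines or break the SMTP reply.
build_banner() {
    bad=$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c)
    if [ -z "$1" ] || [ "$bad" -ne 0 ]; then
        echo "banner text must be non-empty printable ASCII" >&2
        return 1
    fi
    printf '%s\n' "\$myhostname ESMTP $1"
}

# Step 3: write main.cf, validate the configuration, reload, show the result.
apply_banner() {
    value=$(build_banner "$1") || return 1
    postconf -e "smtpd_banner = $value" && postfix check && postfix reload &&
        postconf -h smtpd_banner
}

# Usage: sh banner.sh apply 'KEYWORDS'
if [ "${1:-}" = apply ]; then
    find_banner_defs "$CONF_DIR"
    apply_banner "${2:-}"
fi
```

On port 25 the greeting is sent in cleartext before any STARTTLS negotiation, so it is visible on the wire; a service with its own `-o smtpd_banner=` override in master.cf keeps that value until the override is changed too.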