rate limiting mail server
Mark E Doner
nuintari at amplex.net
Mon Feb 23 21:24:21 PST 2009
Greetings,
I am running a fairly large mail server, FreeBSD, of course. It is
predominantly for residential customers, so educating the end users to
not fall for the scams is never going to happen. Whenever we have a
customer actually hand over their login credentials, we quickly see a
huge flood of inbound connections from a small handful of IP addresses
on ports 25 and 587, all authenticate as whatever customer fell for the
scam du jour, and of course, load goes through the roof as I get a few
thousand extra junk messages to process in a matter of minutes.
Thinking about using PF to rate limit inbound connections, stuff the hog
wild connection rates into a table and drop them quickly. My question
is, I know how to do this, PF syntax is easy, but has anyone ever tried
this? How many new connections per minute from a single source are
acceptable, and what is blatantly malicious? And, once I have determined
that, how long should I leave the offenders in the blocklist?
Any thoughts appreciated,
Mark
More information about the freebsd-isp
mailing list