rate limiting mail server

Trey Briggs tbriggs at apid.com
Mon Feb 23 22:07:10 PST 2009


I'm currently using postfix-policyd-sf with an 
'smtpd_restriction_classes' line set up in postfix to catch outbound 
traffic. I limit users to 250 outbound messages an hour; if this is hit 
3 times, I block the IP for 12 hours. This has kept our servers off of 
all blacklists for 6 months now, and only incurred the wrath of a small 
handful of our customers :) .

-Trey

Mark E Doner wrote:
> Greetings,
>    I am running a fairly large mail server, FreeBSD, of course. It is 
> predominantly for residential customers, so educating the end users to 
> not fall for the scams is never going to happen. Whenever we have a 
> customer actually hand over their login credentials, we quickly see a 
> huge flood of inbound connections from a small handful of IP addresses 
> on ports 25 and 587, all authenticate as whatever customer fell for 
> the scam du jour, and of course, load goes through the roof as I get a 
> few thousand extra junk messages to process in a matter of minutes.
>
> Thinking about using PF to rate limit inbound connections, stuff the 
> hog wild connection rates into a table and drop them quickly. My 
> question is, I know how to do this, PF syntax is easy, but has anyone 
> ever tried this? How many new connections per minute from a single 
> source are acceptable, and what is blatantly malicious? And, once I 
> have determined that, how long should I leave the offenders in the 
> blocklist?
>
> Any thoughts appreciated,
> Mark
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
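As an added illustration (not code from this thread, from Postfix or from postfix-policyd-sf): a small Python model of the outbound policy Trey describes, 250 messages per user per hour, with three limit hits blocking the client IP for 12 hours. Counting at most one strike per IP per hour, the sample user and IP values, and the Postfix policy-delegation action strings used as return values are assumptions of this example.

```python
from collections import defaultdict, deque

# Limits are the ones stated in the post; the strike semantics (one strike
# per IP per hour in which the limit is hit) are an assumption of this example.
HOURLY_LIMIT = 250
STRIKES_BEFORE_BLOCK = 3
BLOCK_SECONDS = 12 * 3600
WINDOW_SECONDS = 3600


class OutboundRateLimiter:
    """Per-user sliding window of accepted sends plus a per-IP strike count.
    check() returns a Postfix policy-delegation action (DUNNO/DEFER_IF_PERMIT/REJECT)."""

    def __init__(self):
        self.sent = defaultdict(deque)    # user -> timestamps of accepted sends
        self.strikes = defaultdict(int)   # ip -> limit hits so far
        self.last_strike = {}             # ip -> time of the most recent strike
        self.blocked_until = {}           # ip -> time the block expires

    def check(self, user, ip, now):
        if ip in self.blocked_until:
            if now < self.blocked_until[ip]:
                return "REJECT"           # still inside the 12 h block
            del self.blocked_until[ip]    # block expired: clean slate for this IP
            self.strikes[ip] = 0
            self.last_strike.pop(ip, None)
        q = self.sent[user]
        while q and q[0] <= now - WINDOW_SECONDS:
            q.popleft()                   # drop sends older than one hour
        if len(q) < HOURLY_LIMIT:
            q.append(now)
            return "DUNNO"                # let the other restrictions decide
        # Over the hourly limit: count at most one strike per IP per hour.
        if now - self.last_strike.get(ip, -WINDOW_SECONDS) >= WINDOW_SECONDS:
            self.strikes[ip] += 1
            self.last_strike[ip] = now
        if self.strikes[ip] >= STRIKES_BEFORE_BLOCK:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            return "REJECT"
        return "DEFER_IF_PERMIT"          # temporary failure, client may retry


def run_flood(hours=3, per_hour=251, user="victim@example.net", ip="203.0.113.7"):
    """Constructed scenario: a phished account sends 251 messages every hour.
    Returns the action for the last message of each hour, the block expiry, and the limiter."""
    rl = OutboundRateLimiter()
    last_actions = []
    for h in range(hours):
        for i in range(per_hour):
            action = rl.check(user, ip, h * WINDOW_SECONDS + i)
        last_actions.append(action)
    return last_actions, rl.blocked_until.get(ip), rl
```

The first two hours only defer the 251st message; the third hit in as many hours blocks the IP, and the block lifts exactly 12 hours later.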
