rate limiting mail server

Ben Plimpton bplimpton at sopris.net
Tue Feb 24 09:36:36 PST 2009

If you're using sendmail, you could check into "milter-limit".


On Feb 23, 2009, at 10:13 PM, Mark E Doner wrote:

> Greetings,
>   I am running a fairly large mail server, FreeBSD, of course. It is  
> predominantly for residential customers, so educating the end users  
> to not fall for the scams is never going to happen. Whenever we have  
> a customer actually hand over their login credentials, we quickly  
> see a huge flood of inbound connections from a small handful of IP  
> addresses on ports 25 and 587, all authenticate as whatever customer  
> fell for the scam du jour, and of course, load goes through the roof  
> as I get a few thousand extra junk messages to process in a matter  
> of minutes.
> Thinking about using PF to rate limit inbound connections, stuff the  
> hog wild connection rates into a table and drop them quickly. My  
> question is, I know how to do this, PF syntax is easy, but has  
> anyone ever tried this? How many new connections per minute from a  
> single source are acceptable, and what is blatantly malicious? And,  
> once I have determined that, how long should I leave the offenders  
> in the blocklist?
> Any thoughts appreciated,
> Mark
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"

More information about the freebsd-isp mailing list