rate limiting mail server
Ben Plimpton
bplimpton at sopris.net
Tue Feb 24 09:36:36 PST 2009
If you're using sendmail, you could check into "milter-limit".
Ben
On Feb 23, 2009, at 10:13 PM, Mark E Doner wrote:
> Greetings,
> I am running a fairly large mail server, FreeBSD, of course. It is
> predominantly for residential customers, so educating the end users
> to not fall for the scams is never going to happen. Whenever we have
> a customer actually hand over their login credentials, we quickly
> see a huge flood of inbound connections from a small handful of IP
> addresses on ports 25 and 587, all authenticate as whatever customer
> fell for the scam du jour, and of course, load goes through the roof
> as I get a few thousand extra junk messages to process in a matter
> of minutes.
>
> Thinking about using PF to rate limit inbound connections, stuff the
> hog wild connection rates into a table and drop them quickly. My
> question is, I know how to do this, PF syntax is easy, but has
> anyone ever tried this? How many new connections per minute from a
> single source are acceptable, and what is blatantly malicious? And,
> once I have determined that, how long should I leave the offenders
> in the blocklist?
>
> Any thoughts appreciated,
> Mark
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
More information about the freebsd-isp
mailing list