rate limiting mail server

muhammad usman usmanbsd at yahoo.com
Thu Mar 5 15:27:48 PST 2009


In any case, implementing a first layer of TCP SYN proxy will always be useful; it is just one command for everyone.

http://www.openbsd.org/faq/pf/filter.html#synproxy

After that, use any other layer of limitation, as others suggested.


--- On Tue, 2/24/09, Mark E Doner <nuintari at amplex.net> wrote:

From: Mark E Doner <nuintari at amplex.net>
Subject: rate limiting mail server
To: freebsd-isp at freebsd.org
Date: Tuesday, February 24, 2009, 10:13 AM

Greetings,
   I am running a fairly large mail server, FreeBSD, of course. It is
predominantly for residential customers, so educating the end users to not fall
for the scams is never going to happen. Whenever we have a customer actually
hand over their login credentials, we quickly see a huge flood of inbound
connections from a small handful of IP addresses on ports 25 and 587, all
authenticate as whatever customer fell for the scam du jour, and of course, load
goes through the roof as I get a few thousand extra junk messages to process in
a matter of minutes.

Thinking about using PF to rate limit inbound connections, stuff the hog wild
connection rates into a table and drop them quickly. My question is, I know how
to do this, PF syntax is easy, but has anyone ever tried this? How many new
connections per minute from a single source are acceptable, and what is
blatantly malicious? And, once I have determined that, how long should I leave
the offenders in the blocklist?

Any thoughts appreciated,
Mark
_______________________________________________
freebsd-isp at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to
"freebsd-isp-unsubscribe at freebsd.org"
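The two layers discussed in this thread (a SYN proxy in front of the MTA, then a per-source connection-rate limit that puts offenders into a table and ages them out) fit in one pf.conf fragment. The block below is an added example, not configuration posted by either author; the interface name, the server address, the two thresholds and the expiry interval are assumptions to be tuned for the site.

```pf
# Added example pf.conf fragment (not from the thread). $ext_if, $mail_srv,
# the thresholds and the expiry interval below are assumed values.
ext_if     = "em0"
mail_srv   = "192.0.2.25"
smtp_ports = "{ 25, 587 }"

# Offending sources are collected here; "persist" keeps the table defined
# even when it is empty.
table <smtp_abusers> persist

# Sources already in the table are dropped before any state is created.
block in quick on $ext_if proto tcp from <smtp_abusers> to $mail_srv port $smtp_ports

# First layer: with "synproxy state" PF completes the TCP handshake itself, so
# half-open SYNs never reach the MTA; only fully established connections are
# handed through.
# Second layer: per-source limits on that same rule. max-src-conn-rate 15/60
# triggers when one address opens more than 15 new connections in 60 seconds;
# max-src-conn 30 caps the simultaneous connections from one address. Exceeding
# either adds the source to <smtp_abusers>, and "flush global" tears down
# every state that source already holds, including the sessions already
# authenticated with the stolen credentials.
pass in on $ext_if proto tcp from any to $mail_srv port $smtp_ports \
    flags S/SA synproxy state \
    (max-src-conn 30, max-src-conn-rate 15/60, \
     overload <smtp_abusers> flush global)

# Entries should be aged out rather than kept forever. Run from cron (for
# example every 10 minutes) to remove addresses older than 3600 seconds; the
# 3600 is the "how long should I leave them in the blocklist" knob:
#   pfctl -t smtp_abusers -T expire 3600
```

The rate limit counts new connections per source address that match this rule, so it does not know whether a connection authenticated or which account it used; a legitimate high-volume relay or a large NAT gateway can trip the same threshold, and such sources belong in a separate pass rule without the overload option. Because the floods described in the question come from a small handful of addresses opening thousands of sessions in minutes, the per-source rate is the knob that distinguishes them from ordinary customers.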