Getting auto-block to work
Chris H
chrish at UltimateDNS.NET
Sat Apr 1 00:26:43 UTC 2017
On Sat, 1 Apr 2017 08:29:41 +1100 (EST) Dave Horsfall <dave at horsfall.org> wrote:
> Does anyone have a PF rule that actually blocks woodpeckers? I have this
> rule:
>
> pass inet proto tcp from any to any port smtp \
> flags S/SA keep state \
> (max-src-conn 10, max-src-conn-rate 2/20, \
> overload <woodpeckers> flush global)
I could never get that to work, either.
>
> I understand that as being no more than twice in twenty seconds (which is
> amply generous by my reading of the RFC), but it's not working; for
> example, the latest problem-child is:
>
> Date: Mar 31 00:04:10 (v2UD3uT2070289)
> from=<return at manualpratico.info>
> relay=server1.manualpratico.info [186.251.128.25]
> reject=450 4.7.1 <dave at horsfall.org>... I greylist .info
>
> Date: Mar 31 00:14:25 (v2UDEBaT070308)
> from=<return at manualpratico.info>
> relay=server1.manualpratico.info [186.251.128.25]
> reject=450 4.7.1 <dave at horsfall.org>... I greylist .info
>
> continuing every 15 seconds (and I've seen much worse) which I have
> manually blocked ("pfctl -t woodpeckers -T add 186.251.128.25", but isn't
> PF supposed to do that for me?
>
> (And yes, Sendmail also has this non-working "feature", but that's OT.)
OFF TOPIC
The following works famously for me in my (hostname).mc file:
FEATURE(greet_pause, `6000')
as does:
define(`confCONNECTION_RATE_THROTTLE', `2')
HTH
As for OT, I'd have sent it to you off list. But you're bouncing me.
--Chris
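As an added illustration of the rate-limit question in the thread (this is not code from the original post, nor from PF or Sendmail), the script below models `max-src-conn-rate number/seconds` as a sliding window: a source trips the limit when it opens more than `number` new connections inside any `seconds`-second span. That model is an assumption about pf.conf semantics, not a quote from the manual. The log lines, hostnames and RFC 5737 addresses are constructed; the year 2017 is assumed for the timestamps. Run over a source that retries every 15 seconds, a `2/20` rule never sees more than two connections in a 20-second window, which is one reason an overload table can stay empty while the mail log fills up; a longer window such as `3/60` does catch it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one line per inbound SMTP connection. Hostnames and
# addresses are documentation values, not the relays discussed in the thread.
SAMPLE_LOG = """\
Mar 31 00:04:10 relay=server1.example.invalid [203.0.113.25]
Mar 31 00:04:25 relay=server1.example.invalid [203.0.113.25]
Mar 31 00:04:40 relay=server1.example.invalid [203.0.113.25]
Mar 31 00:04:55 relay=server1.example.invalid [203.0.113.25]
Mar 31 00:05:10 relay=server1.example.invalid [203.0.113.25]
Mar 31 00:04:12 relay=mx.example.invalid [198.51.100.7]
Mar 31 00:04:17 relay=mx.example.invalid [198.51.100.7]
Mar 31 00:04:22 relay=mx.example.invalid [198.51.100.7]
Mar 31 00:09:00 relay=legit.example.invalid [192.0.2.44]
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) relay=\S+ \[([\d.]+)\]")


def parse_log(text):
    """Turn the constructed log into a time-sorted list of (datetime, source_ip)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog-style timestamps carry no year; 2017 is assumed here.
        when = datetime.strptime("2017 " + m.group(1), "%Y %b %d %H:%M:%S")
        events.append((when, m.group(2)))
    events.sort()
    return events


def overloaded_sources(events, number, seconds):
    """Sliding-window model of max-src-conn-rate number/seconds.

    Returns {source_ip: time_of_first_violation} for every source that opens
    more than `number` connections within any `seconds`-second window.
    """
    window = timedelta(seconds=seconds)
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    hits = {}
    for when, ip in events:
        if ip in hits:            # already flagged; PF would have it in the table
            continue
        q = recent[ip]
        q.append(when)
        while q and when - q[0] >= window:   # expire connections older than the window
            q.popleft()
        if len(q) > number:
            hits[ip] = when
    return hits


def pfctl_add_commands(hits, table="woodpeckers"):
    """Render the manual table addition from the thread for each flagged source."""
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(hits)]


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for number, seconds in ((2, 20), (3, 60)):
        hits = overloaded_sources(ev, number, seconds)
        print(f"max-src-conn-rate {number}/{seconds}:",
              sorted(hits) if hits else "nothing tripped")
        for cmd in pfctl_add_commands(hits):
            print("   ", cmd)
```

The interesting case is 203.0.113.25: it connects every 15 seconds, so `2/20` is never exceeded, while `3/60` flags it on the fourth connection. The 5-second retrier at 198.51.100.7 trips `2/20` on its third attempt. Whatever the chosen rate, the overload table only has an effect if a `block` rule actually references it and the table itself is declared in pf.conf.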