When should I worry about performance tuning?

Martin MATO martin.mato at orange.fr
Wed Mar 29 20:57:59 UTC 2017


Greetings.

I don't understand some things.

Is your machine a mail relay/server, or do you have a host without any firewall between it and the internet?

 

In the first case, you should prefer setting up greylisting / tarpitting at minimum; feeding a firewall table for blacklisting is a never-ending story (plus, there is a real chance of blocking real MX relays).

 

And in the second case, a basic pf configuration blocking any incoming attempts, like:

 

set skip on lo0 # skip all filtering on lo0

ext_iface="your_network_card_connected_to_internet"

pass out quick on $ext_iface all
block log quick on $ext_iface all

 

should be sufficient.

For more information about optimizations, man 5 pf.conf should do the trick.

 

Regards.

 

> Message of 29/03/17 22:05
> From: "Chris H" 
> To: "FreeBSD pf" 
> Cc: 
> Subject: When should I worry about performance tuning?
> 
> OK. My association with FreeBSD has made me a prime
> target for every male hormone distributor on the net.
> Fact is; I can guarantee ~89 SPAM attempts in under 5
> minutes, after creating a pr on bugzilla. At first I
> was angry, and frustrated. But decided to make it a
> challenge/contest, and see my way to thwarting their
> attacks. Long story short; I think I'm on the right
> track; In just over a month, I've managed to trap
> just under 3 million (2,961,264) *bona fide* SPAM sources.
> I've been honing, and tuning my approach to ensure that
> there are zero false positives, and at the same time,
> make it more, and more efficient.
> So now that I'm dropping packets from *so* many IPs
> I'm wondering if it's not time to better tune pf(4).
> I've never worked pf hard enough to do any more than
> create a table, and a few simple rules. But I think I
> need to do more.
> Here's the bulk of what I'm using now:
> 
> ###################################
> set loginterface re0
> set block-policy drop
> set fingerprints "/etc/pf.os"
> scrub in all
> set skip on lo0
> antispoof quick for lo0
> antispoof for re0 inet
> 
> table persist file "/etc/SPAMMERS"
> block in log quick on re0 proto tcp from to port {smtp, submission,
> pop3, imap, imaps}
> ###################################
> 
> Would set optimization be warranted?
> Any thoughts, or advice greatly appreciated!
> 
> --Chris
> 
> 

