Help with woodpecker config (fwd)

Doug Hardie bc979 at lafn.org
Sun Sep 3 01:29:50 UTC 2017


I believe you need to change the "from any port smtp" in the pass line to "to any port smtp".  Otherwise pf is looking for packets originating on port 25 and most mailers use a much larger port for sending mail.  You want to look for the destination port 25.

-- Doug

> On Sep 1, 2017, at 23:24, Chris H <bsd-lists at bsdforge.com> wrote:
> 
> On Fri, 1 Sep 2017 08:21:10 +1000 (EST) Dave Horsfall <dave at horsfall.org> wrote
> 
>> Hmmm, no replies.  Does this mean that no-one is using this useful 
>> feature, is using it but is not willing to share, or it's known not to 
>> work at all and are too embarrassed to say so?
> 
> Hello, Dave.
> 
> I'm not going to pretend that one size fits all, and neither
> should you.
> But you asked, so I'll throw you something that you can experiment
> with that can work, in the right pf.conf(5) arrangement.
> 
> -----------------------------------------------------------------
> # Cleanse every so often with "pfctl -t woodpeckers -T expire <seconds>".
> #
> table <woodpeckers> persist
> 
> block in log quick on $ext_if from <woodpeckers>
> 
> # No more than 10/IP, or 5/minute should be plenty.
> pass inet proto tcp from any port smtp \
>    flags S/SA keep state \
>    (max-src-conn 10, max-src-conn-rate 5/60, \
>    overload <woodpeckers> flush global)
> -----------------------------------------------------------------
> 
> I've seen other clever, or exotic arrangements as well.
> A search on the net for pf woodpecker, and similar should
> return them.
> 
> HTH
> 
> --Chris
> 
>> 
>> -- 
>> Dave Horsfall DTM (VK2KFU)  "Those who don't understand security will
>> suffer." 
>> 
>> ---------- Forwarded message ----------
>> Date: Wed, 16 Aug 2017 07:37:36 +1000 (EST)
>> From: Dave Horsfall <dave at horsfall.org>
>> To: FreeBSD PF List <freebsd-pf at freebsd.org>
>> Subject: Help with woodpecker config
>> 
>> I get a lot of woodpecker attempts on my mailserver i.e. a connection gets 
>> rejected for a variety of reasons (I have some fairly savage anti-spam 
>> measures) and they retry straight away.  I've played with the "N connects 
>> in M seconds" stuff but cannot seem to get it to work (FreeBSD 10.3).
>> 
>> Does anyone have a working config that they can share, to give me a leg up?
>> 
>> Thanks.
>> 
>> -- 
>> Dave Horsfall DTM (VK2KFU)  "Those who don't understand security will
>> suffer."
>> _______________________________________________
>> freebsd-pf at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> 
> 
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
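Doug's correction applied to Chris's rule set, written out as an added example (it is not from either poster or from the FreeBSD project). The interface name, the `in on $ext_if` direction qualifier, and the `to ($ext_if)` destination are assumptions added here so the rule only matches inbound connections to this host's own SMTP port; everything else is the posted rule with `from any port smtp` changed to `to ... port smtp` as Doug describes.

```pf
# Added example: Chris's rule with Doug's fix applied. Not from the thread.
# The interface macro and the "in on $ext_if" / "to ($ext_if)" qualifiers
# are assumptions made here.
ext_if = "em0"          # assumed external interface, adjust to taste

table <woodpeckers> persist

# Drop known offenders first; "quick" stops rule evaluation here.
block in log quick on $ext_if from <woodpeckers>

# Match inbound connections TO our SMTP port, not FROM port 25.
# A remote mailer connects from an ephemeral source port, so the
# original "from any port smtp" would never see those packets.
pass in on $ext_if inet proto tcp from any to ($ext_if) port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <woodpeckers> flush global)

# Operating the table (run as root):
#   pfctl -nf /etc/pf.conf                    # parse-check before loading
#   pfctl -t woodpeckers -T show              # addresses currently blocked
#   pfctl -t woodpeckers -T expire 3600       # drop entries older than an hour
#   pfctl -t woodpeckers -T delete 192.0.2.7  # release one address (example)
```

Two things worth checking before relying on this: `pfctl -nf` catches the direction and macro mistakes without touching the running ruleset, and `flush global` kills every state the offending source holds, not only its SMTP sessions, so a legitimate host that trips the limit also loses any other connections to the box until its table entry expires.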
