From owner-freebsd-pf@FreeBSD.ORG Fri Dec 17 06:07:49 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E366816A4CE for ; Fri, 17 Dec 2004 06:07:49 +0000 (GMT) Received: from ms-smtp-02-eri0.ohiordc.rr.com (ms-smtp-02-smtplb.ohiordc.rr.com [65.24.5.136]) by mx1.FreeBSD.org (Postfix) with ESMTP id 234D443D3F for ; Fri, 17 Dec 2004 06:07:49 +0000 (GMT) (envelope-from dmehler26@woh.rr.com) Received: from satellite (dhcp065-031-041-029.woh.rr.com [65.31.41.29]) iBH67kJl012270; Fri, 17 Dec 2004 01:07:46 -0500 (EST) Message-ID: <000901c4e3fe$9c710f30$0400a8c0@satellite> From: "dave" To: "Ladislav Bodnar" , References: <200412171356.34608.distro.watch@msa.hinet.net> Date: Fri, 17 Dec 2004 01:06:55 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: Re: Can pf block illegal relay access attempts? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: dave List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Dec 2004 06:07:50 -0000 Hello, I'm in an identical situation, my postfix system is getting heavy traffic from spammers a majority of which are from the asia area. I've got the beginnings of a concept but don't know how best to implement it. Use a spammers table and point that to a file that contains one IP address perline. Then somehow trigger a script that takes an offending ip out of the maillog or also in my case the ssh log, and drops it in that file. When that is done pfctl reloads and blocks it. Any help or improvements appreciated. Dave.