Date: Thu, 5 Mar 2009 15:01:06 -0800 (PST)
From: muhammad usman <usmanbsd@yahoo.com>
To: freebsd-isp@freebsd.org, Mark E Doner <nuintari@amplex.net>
Subject: Re: rate limiting mail server
Message-ID: <389006.84764.qm@web56404.mail.re3.yahoo.com>
In-Reply-To: <49A38202.7010506@amplex.net>

In any case, implementing a first layer of TCP SYN proxy will always be useful, just one command for everyone.

http://www.openbsd.org/faq/pf/filter.html#synproxy

After that, use any other layer of limitation as others suggested.

--- On Tue, 2/24/09, Mark E Doner <nuintari@amplex.net> wrote:

From: Mark E Doner <nuintari@amplex.net>
Subject: rate limiting mail server
To: freebsd-isp@freebsd.org
Date: Tuesday, February 24, 2009, 10:13 AM

Greetings,

I am running a fairly large mail server, FreeBSD, of course. It is predominantly for residential customers, so educating the end users to not fall for the scams is never going to happen. Whenever we have a customer actually hand over their login credentials, we quickly see a huge flood of inbound connections from a small handful of IP addresses on ports 25 and 587, all authenticate as whatever customer fell for the scam du jour, and of course, load goes through the roof as I get a few thousand extra junk messages to process in a matter of minutes.

Thinking about using PF to rate limit inbound connections, stuff the hog wild connection rates into a table and drop them quickly. My question is, I know how to do this, PF syntax is easy, but has anyone ever tried this? How many new connections per minute from a single source are acceptable, and what is blatantly malicious? And, once I have determined that, how long should I leave the offenders in the blocklist?

Any thoughts appreciated,
Mark

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?389006.84764.qm>
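
The two layers discussed in this thread, combined in one pf.conf fragment; this is an added example, not configuration posted by either author. The interface name, the table name and every threshold are assumptions to be tuned against the server's normal per-source connection rates.

```pf
# Added example: SYN proxy plus per-source rate limiting for SMTP/submission.
# Assumed values: em0, <smtp_abusers>, and the limits below.
ext_if     = "em0"
mail_ports = "{ 25, 587 }"

# Sources that exceed the limits land here; 'persist' keeps the table
# in memory even when no rule currently references an entry.
table <smtp_abusers> persist

# Drop known offenders before any other rule is evaluated.
block in quick on $ext_if proto tcp from <smtp_abusers> to any port $mail_ports

# 'synproxy state' makes PF complete the TCP handshake itself, so spoofed
# SYN floods never reach the MTA. It does not stop an authenticated client
# that opens real connections, which is what the limits below are for:
#   max-src-conn       concurrent established connections per source
#   max-src-conn-rate  new connections per source in a time window (N/seconds)
#   overload ... flush global
#                      add the source to the table and kill every state it
#                      already holds, not only the ones from this rule
pass in on $ext_if proto tcp from any to ($ext_if) port $mail_ports \
    flags S/SA synproxy state \
    (max-src-conn 20, max-src-conn-rate 30/60, \
     overload <smtp_abusers> flush global)

# Entries do not age out on their own. To expire addresses that have been
# in the table for more than an hour, run this periodically (e.g. cron):
#   pfctl -t smtp_abusers -T expire 3600
# To review who is currently blocked:
#   pfctl -t smtp_abusers -T show
```

Large providers and NAT gateways that relay for many senders from one address can exceed per-source limits legitimately, so check the table contents after deployment and exempt known relays with a rule placed before the block.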