Date: Thu, 5 Mar 2009 15:01:06 -0800 (PST)
From: muhammad usman <usmanbsd@yahoo.com>
To: freebsd-isp@freebsd.org, Mark E Doner <nuintari@amplex.net>
Subject: Re: rate limiting mail server
Message-ID: <389006.84764.qm@web56404.mail.re3.yahoo.com>
In-Reply-To: <49A38202.7010506@amplex.net>
In any case implementing first layer of tcp syn proxy will be always useful, just one command for everyone.

http://www.openbsd.org/faq/pf/filter.html#synproxy

after that use any other layer of limitation as others suggested.

--- On Tue, 2/24/09, Mark E Doner <nuintari@amplex.net> wrote:

From: Mark E Doner <nuintari@amplex.net>
Subject: rate limiting mail server
To: freebsd-isp@freebsd.org
Date: Tuesday, February 24, 2009, 10:13 AM

Greetings,

I am running a fairly large mail server, FreeBSD, of course. It is predominantly for residential customers, so educating the end users to not fall for the scams is never going to happen. Whenever we have a customer actually hand over their login credentials, we quickly see a huge flood of inbound connections from a small handful of IP addresses on ports 25 and 587, all authenticate as whatever customer fell for the scam du jour, and of course, load goes through the roof as I get a few thousand extra junk messages to process in a matter of minutes.

Thinking about using PF to rate limit inbound connections, stuff the hog wild connection rates into a table and drop them quickly. My question is, I know how to do this, PF syntax is easy, but has anyone ever tried this? How many new connections per minute from a single source are acceptable, and what is blatantly malicious? And, once I have determined that, how long should I leave the offenders in the blocklist?

Any thoughts appreciated,
Mark

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
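The two ideas in this thread (synproxy as a first layer, then a per-source connection limit that feeds a block table) can be combined in one pf.conf rule. The fragment below is an added example, not configuration posted by either author; the interface name, table name, thresholds and expiry time are assumed placeholders that have to be tuned against the server's own legitimate traffic.

```conf
# pf.conf fragment: added example, all values are assumptions to be tuned.
ext_if     = "em0"          # assumed external interface name
mail_ports = "{ 25, 587 }"  # ports named in the original question

# Table that collects sources exceeding the limits below.
table <smtp_abusers> persist

# Sources already in the table are dropped before any further evaluation.
block in quick on $ext_if proto tcp from <smtp_abusers> to any port $mail_ports

# synproxy state: PF completes the TCP handshake itself and only then
#   opens the connection to the MTA, so half-open floods never reach it.
# max-src-conn:      simultaneous established connections per source.
# max-src-conn-rate: new connections per source, as count/seconds.
# overload:          add the offending source to the table.
# flush global:      also kill every existing state from that source.
# These limits count only connections that completed the handshake,
# so a spoofed source address cannot be pushed into the table.
pass in on $ext_if proto tcp from any to ($ext_if) port $mail_ports \
    flags S/SA synproxy state \
    (max-src-conn 20, max-src-conn-rate 30/60, \
     overload <smtp_abusers> flush global)

# Entries do not age out on their own. Run from cron to remove
# addresses that have been in the table longer than one hour:
#   pfctl -t smtp_abusers -T expire 3600
# Review current entries with:
#   pfctl -t smtp_abusers -T show
```

Customers behind a shared NAT address or a large forwarding relay can legitimately exceed a low per-source limit, so check the chosen thresholds against connection logs before enforcing them.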
