From: muhammad usman
To: freebsd-isp@freebsd.org, Mark E Doner
Date: Thu, 5 Mar 2009 15:01:06 -0800 (PST)
In-Reply-To: <49A38202.7010506@amplex.net>
Subject: Re: rate limiting mail server
Reply-To: usmanbsd@yahoo.com
List-Id: Internet Services Providers

In any case, implementing a first layer of TCP SYN proxy will always be useful, just one command for everyone.

http://www.openbsd.org/faq/pf/filter.html#synproxy

After that, use any other layer of limitation as others suggested.

--- On Tue, 2/24/09, Mark E Doner wrote:

From: Mark E Doner
Subject: rate limiting mail server
To: freebsd-isp@freebsd.org
Date: Tuesday, February 24, 2009, 10:13 AM

Greetings,

I am running a fairly large mail server, FreeBSD, of course. It is predominantly for residential customers, so educating the end users to not fall for the scams is never going to happen. Whenever we have a customer actually hand over their login credentials, we quickly see a huge flood of inbound connections from a small handful of IP addresses on ports 25 and 587, all authenticate as whatever customer fell for the scam du jour, and of course, load goes through the roof as I get a few thousand extra junk messages to process in a matter of minutes.

Thinking about using PF to rate limit inbound connections, stuff the hog wild connection rates into a table and drop them quickly. My question is, I know how to do this, PF syntax is easy, but has anyone ever tried this? How many new connections per minute from a single source are acceptable, and what is blatantly malicious? And, once I have determined that, how long should I leave the offenders in the blocklist?

Any thoughts appreciated,
Mark
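
A pf.conf fragment combining the two layers discussed in this thread, synproxy first and then per-source connection limits feeding an overload table. This is an added example, not configuration posted by either author; the interface name, the table name `smtp_abusers`, and every numeric limit are assumed placeholders to be tuned against your own traffic, not recommended values.

```conf
# Added example. ext_if, the table name and all numeric limits below are
# assumptions for illustration; the thread does not state any thresholds.
ext_if = "em0"
mail_ports = "{ 25, 587 }"

# Sources that exceed the per-source limits are collected here.
table <smtp_abusers> persist

# Drop listed sources first. "quick" stops rule evaluation, so the
# pass rule below is never reached for them.
block in quick on $ext_if proto tcp from <smtp_abusers> to any port $mail_ports

# Layer 1: "synproxy state" has pf complete the TCP handshake itself
# before passing the connection on to the MTA.
# Layer 2: state options applied per source address:
#   max-src-conn       simultaneous established connections per source
#   max-src-conn-rate  new connections per interval (count/seconds)
#   overload <table>   add a source that breaks either limit to the table
#   flush global       kill all existing states from that source, including
#                      states created by other rules
pass in on $ext_if proto tcp from any to any port $mail_ports \
    flags S/SA synproxy state \
    (max-src-conn 20, max-src-conn-rate 15/60, \
     overload <smtp_abusers> flush global)

# Table entries do not age out on their own. To bound how long an
# offender stays blocked, expire old entries periodically, for example
# from cron (3600 seconds is an assumed value):
#   pfctl -t smtp_abusers -T expire 3600
```

Check the result with `pfctl -t smtp_abusers -T show` before relying on it, since legitimate relays and NATed customer networks share a single source address and can trip low limits.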