From: Doug Hardie
Date: Sat, 2 Sep 2017 18:22:29 -0700
To: Chris H
Cc: freebsd-pf@freebsd.org
Subject: Re: Help with woodpecker config (fwd)
In-Reply-To: <4bd300df6764324185e9a95df6d6f7a2@ultimatedns.net>

I believe you need to change the "from any port smtp" in the pass line to
"to any port smtp". Otherwise pf is looking for packets originating on port
25 and most mailers use a much larger port for sending mail. You want to
look for the destination port 25.

-- Doug

> On Sep 1, 2017, at 23:24, Chris H wrote:
>
> On Fri, 1 Sep 2017 08:21:10 +1000 (EST) Dave Horsfall wrote
>
>> Hmmm, no replies. Does this mean that no-one is using this useful
>> feature, is using it but is not willing to share, or it's known not to
>> work at all and are too embarrassed to say so?
>
> Hello, Dave.
>
> I'm not going to pretend that one size fits all, and neither
> should you.
> But you asked, so I'll throw you something that you can experiment
> with that can work, in the right pf.conf(5) arrangement.
>
> -----------------------------------------------------------------
> # Cleanse every so often with "pfctl -t woodpeckers -T seconds.
> #
> table <woodpeckers> persist
>
> block in log quick on $ext_if from <woodpeckers>
>
> # No more than 10/IP, or 5/minute should be plenty.
> pass inet proto tcp from any port smtp \
>     flags S/SA keep state \
>     (max-src-conn 10, max-src-conn-rate 5/60, \
>     overload <woodpeckers> flush global)
> -----------------------------------------------------------------
>
> I've seen other clever, or exotic arrangements as well.
> A search on the net for pf woodpecker, and similar should
> return them.
>
> HTH
>
> --Chris
>
>>
>> --
>> Dave Horsfall DTM (VK2KFU) "Those who don't understand security will
>> suffer."
>>
>> ---------- Forwarded message ----------
>> Date: Wed, 16 Aug 2017 07:37:36 +1000 (EST)
>> From: Dave Horsfall
>> To: FreeBSD PF List
>> Subject: Help with woodpecker config
>>
>> I get a lot of woodpecker attempts on my mailserver i.e. a connection gets
>> rejected for a variety of reasons (I have some fairly savage anti-spam
>> measures) and they retry straight away. I've played with the "N connects
>> in M seconds" stuff but cannot seem to get it to work (FreeBSD 10.3).
>>
>> Does anyone have a working config that they can share, to give me a leg up?
>>
>> Thanks.
>>
>> --
>> Dave Horsfall DTM (VK2KFU) "Those who don't understand security will
>> suffer."
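The rule from the thread with the suggested port correction applied, shown beside the posted form. This is an added example, not text from any of the posters; the interface name em0 and the 86400-second expiry are assumed values, and "from any to any" is spelled out here for clarity.

```pf
# Added example, not part of the original messages.
ext_if = "em0"    # assumption: name of the external interface

table <woodpeckers> persist

# Drop everything from a source that has already been overloaded into the table.
block in log quick on $ext_if from <woodpeckers>

# As posted: matches connections whose SOURCE port is 25. Sending mailers
# normally connect from a high port, so the limits below are not applied
# to them and nothing is added to the table.
#   pass inet proto tcp from any port smtp flags S/SA keep state (...)

# Corrected: match on the DESTINATION port, i.e. connections to the mail server.
# No more than 10 concurrent connections per source, or 5 new ones per 60 seconds.
pass inet proto tcp from any to any port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <woodpeckers> flush global)

# Checks after editing:
#   pfctl -nf /etc/pf.conf                 # parse the ruleset without loading it
#   pfctl -t woodpeckers -T show           # list sources currently in the table
#   pfctl -t woodpeckers -T expire 86400   # remove entries older than one day
```

Because the table is declared persist and nothing removes entries automatically, the expire command needs to run periodically (for example from cron) or blocked sources stay blocked until the table is flushed.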