Date:      Tue, 17 Mar 2015 17:50:47 -0700
From:      Doug Hardie <bc979@lafn.org>
To:        Dave Horsfall <dave@horsfall.org>
Cc:        FreeBSD PF List <freebsd-pf@freebsd.org>
Subject:   Re: Hints on rate limiting
Message-ID:  <B8167BC7-C903-49DB-A91F-846EC0AB425C@lafn.org>
In-Reply-To: <alpine.BSF.2.11.1503180358070.15124@aneurin.horsfall.org>
References:  <alpine.BSF.2.11.1503180358070.15124@aneurin.horsfall.org>


> On 17 March 2015, at 10:14, Dave Horsfall <dave@horsfall.org> wrote:
> 
> FreeBSD 9.3-RELEASE-p5 (GENERIC) #0: Mon Nov  3 22:02:57 UTC 2014
> 
> fxp0: <Intel 82801DB (ICH4) Pro/100 VM Ethernet> (on board)
> 
> I'm having trouble with getting rate limiting to work i.e. so many 
> connections from the same source in so many seconds (what we in the 
> anti-spam community call "woodpeckers").
> 
> Does it actually work on FreeBSD 9?  I know that PF doesn't work at all on 
> FreeBSD 8 (at least, with the NIC above), and if it does indeed work then 
> what would be a good starting point?
> 
> Note that a complicating factor is that I have configured a "greet pause" 
> of 10 seconds i.e. after the connection I wait for that long before 
> issuing the SMTP greeting (and woe betide you if you don't wait in turn).
> 
> And before anyone asks me why aren't I running 10.x, I will as soon as my 
> new server arrives; the current box is going to fail soon (the 
> electrolytic capacitors are starting to bulge) so it's not worth the 
> hassle.  And anyway, I've screwed up the ports area Yet Again from a 
> failure to read simple instructions :-(

You might want to provide some details on which approach to rate limiting you are using.  There are at least two that I am aware of.  Also, are you sure that you are having a large number of connections from each IP, or are they using one connection and trying many different ids and passwords?  I see lots of the latter on several mail servers I run.  I don’t recall seeing one IP making many connection attempts.  Rate limiting won’t help if they are using one connection.
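
Added example, not part of the original message: a small Python check for the distinction raised in the reply, telling sources that open many connections in a short window (which per-source connection-rate limiting can act on) from sources that make repeated login attempts on one connection (which it cannot). The log format, thresholds, labels and function name are constructed assumptions, not the output of any real mail server.

```python
from collections import defaultdict, deque

# Constructed sample log (hypothetical format: epoch-seconds event source-ip session-id).
SAMPLE_LOG = """\
1000 connect 192.0.2.10 s1
1002 connect 192.0.2.10 s2
1004 connect 192.0.2.10 s3
1006 connect 192.0.2.10 s4
1008 connect 192.0.2.10 s5
1010 connect 198.51.100.7 s6
1012 authfail 198.51.100.7 s6
1013 authfail 198.51.100.7 s6
1014 authfail 198.51.100.7 s6
1015 authfail 198.51.100.7 s6
1500 connect 203.0.113.5 s7
"""

def classify(log_text, max_conns=4, window=60, max_authfail=3):
    """Return {ip: label}; the thresholds are illustrative assumptions."""
    recent = defaultdict(deque)    # ip -> connect times still inside the window
    peak = defaultdict(int)        # ip -> most connects seen in any one window
    worst_fail = defaultdict(int)  # ip -> most auth failures on a single session
    fails = defaultdict(int)       # (ip, session) -> auth failures so far
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue               # skip malformed lines
        ts, event, ip, sid = int(parts[0]), parts[1], parts[2], parts[3]
        peak.setdefault(ip, 0)     # make sure every source gets a label
        if event == "connect":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] >= window:   # drop connects older than the window
                q.popleft()
            peak[ip] = max(peak[ip], len(q))
        elif event == "authfail":
            fails[(ip, sid)] += 1
            worst_fail[ip] = max(worst_fail[ip], fails[(ip, sid)])
    result = {}
    for ip in peak:
        if peak[ip] > max_conns:
            result[ip] = "many-connections"            # connection-rate limit applies
        elif worst_fail[ip] > max_authfail:
            result[ip] = "single-connection-guessing"  # invisible to a connection-rate limit
        else:
            result[ip] = "normal"
    return result

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```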

