Date: Tue, 24 Feb 2009 10:05:56 -0700 From: Ben Plimpton <bplimpton@sopris.net> To: Mark E Doner <nuintari@amplex.net> Cc: freebsd-isp@freebsd.org Subject: Re: rate limiting mail server Message-ID: <815D84F7-24C5-4E56-855D-BBE1BDE31A55@sopris.net> In-Reply-To: <49A38202.7010506@amplex.net> References: <49A38202.7010506@amplex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
If you're using sendmail, you could check into "milter-limit". Ben On Feb 23, 2009, at 10:13 PM, Mark E Doner wrote: > Greetings, > I am running a fairly large mail server, FreeBSD, of course. It is > predominantly for residential customers, so educating the end users > to not fall for the scams is never going to happen. Whenever we have > a customer actually hand over their login credentials, we quickly > see a huge flood of inbound connections from a small handful of IP > addresses on ports 25 and 587, all authenticate as whatever customer > fell for the scam du jour, and of course, load goes through the roof > as I get a few thousand extra junk messages to process in a matter > of minutes. > > Thinking about using PF to rate limit inbound connections, stuff the > hog wild connection rates into a table and drop them quickly. My > question is, I know how to do this, PF syntax is easy, but has > anyone ever tried this? How many new connections per minute from a > single source are acceptable, and what is blatantly malicious? And, > once I have determined that, how long should I leave the offenders > in the blocklist? > > Any thoughts appreciated, > Mark > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?815D84F7-24C5-4E56-855D-BBE1BDE31A55>