From: Erik Norgaard <norgaard@locolomo.org>
Date: Tue, 22 Jun 2010 21:36:29 +0200
To: freebsd-questions@freebsd.org
Subject: Re: iptables equivaelnt
Message-ID: <4C2110BD.5060109@locolomo.org>
References: <29017079-55A2-406B-891B-6EEB239EF730@mac.com>

On 21/06/10 20.06, pete wright wrote:
>> On Jun 21, 2010, at 10:28 AM, Jean-Paul Natola wrote:
>>> I'm particularly trying to implement some type of rate control as we are getting hammered by spam.
>
> I'd humbly suggest pf + spamd if you are concerned specifically about
> stopping spam, both are supported by FreeBSD and I have had great
> success using these tools to combat spam.

spamd does not stop spam. It is intended to increase the cost of sending spam at little cost to your server by keeping the spammer busy trying.
If you're concerned with blocking spam from a limited set of known sources, then you can create block lists in your firewall. If you know that you will not receive legitimate mail from certain countries, you can block their assigned IP ranges.

If you're trying to block a large number of unknown sources, then I suggest subscribing to Spamhaus' lists and configuring your server to adhere strictly to the protocols. You may wish to subscribe to lists of dynamic IP ranges. These are often considered spam sources hosting a large number of bot-nets. However, you may also block mail from legitimate servers run by people who like to run their own home server - such as FreeBSD users.

There is only limited benefit from some kind of rate control, and I believe that such controls must be implemented in your mail server. Implementing rate control may also delay legitimate mail, and depending on how you do it, spammers may even cause a DoS against your server.

Anyway, to avoid spammers eating up server resources, check your server config:

1. ensure that the spam decision is reached as fast as possible
2. consider early whitelisting of the most common legitimate mail sources
3. DNS block lists should be last as they add additional delay; possibly you can configure a local DNS cache to shorten the delay

BR, Erik

-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157
http://www.locolomo.org
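The firewall-side block lists and early whitelisting described in the reply above, as an added pf.conf example (not from the original post or from any FreeBSD project documentation). It assumes the mail server runs on the firewall host behind interface em0 and that the list files under /etc/pf/ exist; the file names and the table names are placeholders chosen for this example.

```pf
# Added example, not from the original post: SMTP block/allow tables in pf.conf.
# Assumptions: external interface em0, mail server on this host, list files in /etc/pf/.
ext_if = "em0"

# Known spam sources and whole country ranges you never expect legitimate mail from.
# Each file holds one address or CIDR block per line, filled from your own logs or a
# subscribed list (file names are placeholders for this example).
table <spam_sources> persist file "/etc/pf/spam_sources.txt"
table <blocked_countries> persist file "/etc/pf/blocked_countries.txt"

# Known legitimate mail sources (partners, upstream relays). Matched first, so a broad
# range in a block table can never catch them; this is the early-whitelisting point.
table <mail_whitelist> persist file "/etc/pf/mail_whitelist.txt"

# Whitelisted senders reach SMTP regardless of the block tables. "quick" ends rule
# evaluation here, so the decision is a single cheap table lookup.
pass in quick on $ext_if inet proto tcp from <mail_whitelist> to ($ext_if) port smtp \
    flags S/SA keep state

# Drop connections from the block tables before they consume mail-server resources.
block in quick on $ext_if inet proto tcp from <spam_sources> to ($ext_if) port smtp
block in quick on $ext_if inet proto tcp from <blocked_countries> to ($ext_if) port smtp

# Everyone else is admitted to the mail server, which applies its own checks
# (protocol strictness, DNS block lists last, as the post recommends).
pass in on $ext_if inet proto tcp from any to ($ext_if) port smtp flags S/SA keep state
```

The tables can be refreshed without reloading the whole ruleset, for example with `pfctl -t spam_sources -T replace -f /etc/pf/spam_sources.txt`, which is how a subscribed list is kept current. Note the caveat from the post: a table built from dynamic IP ranges will also drop legitimate home-run mail servers, so keep such ranges out of the block tables unless you accept that loss.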