Date: Tue, 17 Mar 2015 17:50:47 -0700
From: Doug Hardie <bc979@lafn.org>
To: Dave Horsfall <dave@horsfall.org>
Cc: FreeBSD PF List <freebsd-pf@freebsd.org>
Subject: Re: Hints on rate limiting
Message-ID: <B8167BC7-C903-49DB-A91F-846EC0AB425C@lafn.org>
In-Reply-To: <alpine.BSF.2.11.1503180358070.15124@aneurin.horsfall.org>
References: <alpine.BSF.2.11.1503180358070.15124@aneurin.horsfall.org>
> On 17 March 2015, at 10:14, Dave Horsfall <dave@horsfall.org> wrote:
>
> FreeBSD 9.3-RELEASE-p5 (GENERIC) #0: Mon Nov 3 22:02:57 UTC 2014
>
> fxp0: <Intel 82801DB (ICH4) Pro/100 VM Ethernet> (on board)
>
> I'm having trouble with getting rate limiting to work i.e. so many
> connections from the same source in so many seconds (what we in the
> anti-spam community call "woodpeckers").
>
> Does it actually work on FreeBSD 9? I know that PF doesn't work at all on
> FreeBSD 8 (at least, with the NIC above), and if it does indeed work then
> what would be a good starting point?
>
> Note that a complicating factor is that I have configured a "greet pause"
> of 10 seconds i.e. after the connection I wait for that long before
> issuing the SMTP greeting (and woe betide you if you don't wait in turn).
>
> And before anyone asks me why aren't I running 10.x, I will as soon as my
> new server arrives; the current box is going to fail soon (the
> electrolytic capacitors are starting to bulge) so it's not worth the
> hassle. And anyway, I've screwed up the ports area Yet Again from a
> failure to read simple instructions :-(

You might want to provide some details on which approach to rate limiting you are using. There are at least two that I am aware of. Also, are you sure that you are having a large number of connections from each IP, or are they using one connection and trying many different ids and passwords? I see lots of the latter on several mail servers I run. I don’t recall seeing one IP making many connection attempts. Rate limiting won’t help if they are using one connection.
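The distinction raised in the reply above, as an added example that is not part of either message: a per-source connection-rate counter run over constructed events flags the source that keeps reconnecting but never sees the source that makes many login attempts on one connection. The event format, addresses and thresholds are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Constructed sample events (not from the thread):
# (seconds, source IP, connection id, event).
# 192.0.2.10 opens a new connection every 2 seconds (a "woodpecker").
# 198.51.100.7 opens one connection and fails 6 logins on it.
EVENTS = (
    [(t, "192.0.2.10", f"a{t}", "connect") for t in range(0, 20, 2)]
    + [(1, "198.51.100.7", "b1", "connect")]
    + [(t, "198.51.100.7", "b1", "auth_fail") for t in range(2, 8)]
)


def conn_rate_offenders(events, max_conn, window):
    """Sources opening more than max_conn connections within `window` seconds."""
    recent = defaultdict(deque)  # source -> timestamps of recent connects
    offenders = set()
    for ts, src, _conn, kind in sorted(events):
        if kind != "connect":
            continue  # a connection-rate counter only ever sees new connections
        q = recent[src]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()  # drop connects that fell out of the window
        if len(q) > max_conn:
            offenders.add(src)
    return offenders


def auth_fail_offenders(events, max_fail):
    """Sources with more than max_fail failed logins on a single connection."""
    fails = defaultdict(int)  # (source, connection id) -> failed logins
    for _ts, src, conn, kind in events:
        if kind == "auth_fail":
            fails[(src, conn)] += 1
    return {src for (src, _conn), n in fails.items() if n > max_fail}


if __name__ == "__main__":
    print("connection-rate offenders:",
          conn_rate_offenders(EVENTS, max_conn=3, window=10))
    print("per-connection auth offenders:",
          auth_fail_offenders(EVENTS, max_fail=3))
```

Running both checks over real mail logs first shows which of the two patterns is actually present before any limit is configured.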