SPAMD stop passing mail from WHITE-list
eculp at encontacto.net
Thu Feb 8 17:28:22 UTC 2007
Quoting Volker <volker at vwsoft.com>:
> On 12/23/-58 20:59, ;048<8@ 0?CAB8= wrote:
>> 2. If I have some malware on my PC and use a mail-client program. If
>> I send the same message some times I automatically get into
>> WHITE-list and my malware can spam as much as it must?
>
> Not really related to your spamd problem, but probably useful...
>
> If you need to limit an internal client system for sending out mail
> through your system, IMO you may also use pf's limit functions.
>
> Imagine something like:
>
> pass in quick on $int_if proto tcp from any to $int_if port smtp keep state \
>     (max-src-conn 1, max-src-conn-rate 2/60)
>
> This should limit an internal client to one concurrent connection
> and a maximum of 2 connections per 60 seconds and so mass mailing by
> abusing your mail gateway should be impossible.
>
> Combining this with a rule like 'block in quick on $int_if proto tcp
> from any to ! $int_if port smtp' should efficiently block spam
> originating from your internal net.

Has anyone tried using a table and blocking smtp connections, similar
to the ssh brute force solution that I've often seen on the list and
have been using happily for some time?

Something like:

pass in quick on $ext_if proto tcp from any to ($ext_if) port smtp keep state \
    (max-src-conn 1, max-src-conn-rate 2/60, overload <smtp-excess> \
    flush global)
block drop in quick on $ext_if from <smtp-excess>

Could it work and be controllable or would it make a bad situation worse?

Thanks,
ed
>
> And for the malware issues, I would like to recommend not to install
> and use malware! ;)
>
> Greetings,
>
> Volker
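
Added example, not part of the original messages: a pf.conf fragment that completes the table-based rule asked about above so that it loads, blocks listed sources, and can be managed from the shell. The interface name `em0` and the address 192.0.2.25 are assumptions; the limits and the table name are the ones from the message.

```pf
# Constructed pf.conf fragment (added example, not from the thread).
ext_if = "em0"                  # assumption: name of the external interface

# Table filled by the overload action below. "persist" keeps the table
# in memory even when it is empty and no rule currently references it.
table <smtp-excess> persist

# This rule has to come before the pass rule. Both rules are "quick",
# so the first match wins; with the pass rule first, a listed source
# would match it again and never reach the block.
block drop in quick on $ext_if from <smtp-excess>

# Limits as given in the message. They are counted per source address on
# connections that have completed the TCP handshake, so they require a
# stateful rule. "flush global" removes every state the offending source
# holds, including states created by other rules.
pass in quick on $ext_if proto tcp from any to ($ext_if) port smtp \
    flags S/SA keep state \
    (max-src-conn 1, max-src-conn-rate 2/60, \
     overload <smtp-excess> flush global)

# Managing the table from the shell:
#   pfctl -t smtp-excess -T show               list the blocked sources
#   pfctl -t smtp-excess -T delete 192.0.2.25  release one (constructed address)
#   pfctl -t smtp-excess -T expire 3600        drop entries older than one hour,
#                                              on pf versions that have -T expire
```

With these thresholds a remote mail server that opens a second parallel connection, or a third connection within 60 seconds, is added to the table and loses all access on `$ext_if`, so the limits need to be sized against the legitimate senders the gateway sees.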
More information about the freebsd-pf mailing list