Hints on rate limiting
Doug Hardie
bc979 at lafn.org
Wed Mar 18 00:59:23 UTC 2015
> On 17 March 2015, at 10:14, Dave Horsfall <dave at horsfall.org> wrote:
>
> FreeBSD 9.3-RELEASE-p5 (GENERIC) #0: Mon Nov 3 22:02:57 UTC 2014
>
> fxp0: <Intel 82801DB (ICH4) Pro/100 VM Ethernet> (on board)
>
> I'm having trouble with getting rate limiting to work i.e. so many
> connections from the same source in so many seconds (what we in the
> anti-spam community call "woodpeckers").
>
> Does it actually work on FreeBSD 9? I know that PF doesn't work at all on
> FreeBSD 8 (at least, with the NIC above), and if it does indeed work then
> what would be a good starting point?
>
> Note that a complicating factor is that I have configured a "greet pause"
> of 10 seconds i.e. after the connection I wait for that long before
> issuing the SMTP greeting (and woe betide you if you don't wait in turn).
>
> And before anyone asks me why aren't I running 10.x, I will as soon as my
> new server arrives; the current box is going to fail soon (the
> electrolytic capacitors are starting to bulge) so it's not worth the
> hassle. And anyway, I've screwed up the ports area Yet Again from a
> failure to read simple instructions :-(
You might want to provide some details on which approach to rate limiting you are using. There are at least two that I am aware of. Also, are you sure that you are having a large number of connections from each IP, or are they using one connection and trying many different ids and passwords? I see lots of the latter on several mail servers I run. I don’t recall seeing one IP making many connection attempts. Rate limiting won’t help if they are using one connection.
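One of the approaches Doug alludes to is PF's per-source state tracking. The pf.conf fragment below is an added illustration, not from either poster; it reuses the fxp0 interface from the question, while the table name and the thresholds (5 new connections per 60 seconds, 10 concurrent) are assumptions chosen for the example.

```pf
# Added example: per-source rate limiting of inbound SMTP with PF state options.
ext_if = "fxp0"                 # interface named in the original post
table <smtp_abusers> persist    # table name is an assumption

# Anything already flagged is dropped and logged for later review.
block in quick log on $ext_if from <smtp_abusers>

# max-src-conn-rate counts new states (SYNs) per source, so the 10 second
# greet pause does not change that count. max-src-conn counts concurrent
# states, and the greet pause keeps each state alive longer, so set it with
# some headroom for legitimate senders that open several connections at once.
pass in on $ext_if proto tcp to ($ext_if) port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <smtp_abusers> flush global)
```

Inspect the table with `pfctl -t smtp_abusers -T show`. As Doug notes, none of this catches a single long-lived connection that cycles through many logins; that needs limits in the MTA itself.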