Date: Sat, 2 Sep 2017 18:22:29 -0700
From: Doug Hardie <bc979@lafn.org>
To: Chris H <bsd-lists@bsdforge.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Help with woodpecker config (fwd)
Message-ID: <A257CAC9-6D16-4E3B-BD97-6509137AE3FB@lafn.org>
In-Reply-To: <4bd300df6764324185e9a95df6d6f7a2@ultimatedns.net>
References: <alpine.BSF.2.21.1709010816490.40500@aneurin.horsfall.org> <4bd300df6764324185e9a95df6d6f7a2@ultimatedns.net>
I believe you need to change the "from any port smtp" in the pass line to "to any port smtp". Otherwise pf is looking for packets originating on port 25 and most mailers use a much larger port for sending mail. You want to look for the destination port 25.

-- Doug

> On Sep 1, 2017, at 23:24, Chris H <bsd-lists@bsdforge.com> wrote:
>
> On Fri, 1 Sep 2017 08:21:10 +1000 (EST) Dave Horsfall <dave@horsfall.org> wrote
>
>> Hmmm, no replies. Does this mean that no-one is using this useful
>> feature, is using it but is not willing to share, or it's known not to
>> work at all and are too embarrassed to say so?
>
> Hello, Dave.
>
> I'm not going to pretend that one size fits all, and neither
> should you.
> But You asked, so I'll throw you something that you can experiment
> with that can work, in the right pf.conf(5) arrangement.
>
> -----------------------------------------------------------------
> # Cleanse every so often with "pfctl -t woodpeckers -T seconds.
> #
> table <woodpeckers> persist
>
> block in log quick on $ext_if from <woodpeckers>
>
> # No more than 10/IP, or 5/minute should be plenty.
> pass inet proto tcp from any port smtp \
>     flags S/SA keep state \
>     (max-src-conn 10, max-src-conn-rate 5/60, \
>      overload <woodpeckers> flush global)
> -----------------------------------------------------------------
>
> I've seen other clever, or exotic arrangements as well.
> A search on the net for pf woodpecker, and similar should
> return them.
>
> HTH
>
> --Chris
>
>>
>> --
>> Dave Horsfall DTM (VK2KFU) "Those who don't understand security will
>> suffer."
>>
>> ---------- Forwarded message ----------
>> Date: Wed, 16 Aug 2017 07:37:36 +1000 (EST)
>> From: Dave Horsfall <dave@horsfall.org>
>> To: FreeBSD PF List <freebsd-pf@freebsd.org>
>> Subject: Help with woodpecker config
>>
>> I get a lot of woodpecker attempts on my mailserver i.e. a connection gets
>> rejected for a variety of reasons (I have some fairly savage anti-spam
>> measures) and they retry straight away. I've played with the "N connects
>> in M seconds" stuff but cannot seem to get it to work (FreeBSD 10.3).
>>
>> Does anyone have a working config that they can share, to give me a leg up?
>>
>> Thanks.
>>
>> --
>> Dave Horsfall DTM (VK2KFU) "Those who don't understand security will
>> suffer."
>>
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
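The rule Doug corrects, written out as a complete pf.conf fragment with the wrong and right forms side by side. This is an added example for the archive page, not Chris's or Doug's configuration. It assumes an `ext_if` macro naming the outward-facing interface (for instance `ext_if = "em0"`), reuses the `woodpeckers` table and the 10-connection / 5-per-minute limits from the thread, and assumes the host itself is the SMTP listener; tune those to your own traffic.

```pf
# Added example, not from the thread. Assumes ext_if is defined above
# (e.g. ext_if = "em0") and that this host runs the SMTP listener.

table <woodpeckers> persist

# Anything already in the table is dropped. "quick" ends rule evaluation,
# so a trapped address never reaches the stateful pass rule below.
block in log quick on $ext_if from <woodpeckers>

# Wrong: matches packets whose *source* port is 25. Inbound SMTP clients
# connect from an ephemeral source port, so almost nothing matches and the
# overload counters never trip.
#   pass inet proto tcp from any port smtp \
#       flags S/SA keep state \
#       (max-src-conn 10, max-src-conn-rate 5/60, \
#        overload <woodpeckers> flush global)

# Right: match new inbound connections whose *destination* is port 25 on
# this host. The state options only apply to states this rule creates, so
# every retry from one source is counted here.
pass in on $ext_if inet proto tcp from any to ($ext_if) port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <woodpeckers> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. Once it is live, `pfctl -t woodpeckers -T show` lists the trapped addresses, `pfctl -t woodpeckers -T delete 192.0.2.10` releases one of them, and `pfctl -t woodpeckers -T expire 3600` (from cron) drops entries older than an hour; the argument to `-T expire` is seconds. Two caveats: `flush global` tears down every state the offender holds on the box, not only its SMTP states, and `max-src-conn 10` is a low ceiling for large legitimate senders that open many parallel connections, so watch the table for a while before trusting the thresholds.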