Date: Thu, 08 Feb 2007 11:17:55 -0600
From: "eculp@encontacto.net" <eculp@encontacto.net>
To: freebsd-pf@freebsd.org
Subject: Re: SPAMD stop passing mail from WHITE-list
Message-ID: <20070208111755.81jaocgn4w880k4g@correo.encontacto.net>
In-Reply-To: <45C5D5DB.9050407@vwsoft.com>
References: <E1HD4Bj-000D25-00.msgs_for_me-mail-ru@f30.mail.ru> <45C5D5DB.9050407@vwsoft.com>

Quoting Volker <volker@vwsoft.com>:

> On 12/23/-58 20:59, Владимир Капустин wrote:
>> 2. If I have some malware on my PC and use mail-client program. If
>> I send the same message some times I automatically get into
>> WHITE-list and my malware can spam as much as it must?
>
> Not really related to your spamd problem, but probably useful...
>
> If you need to limit an internal client system for sending out mail
> through your system, IMO you may also use pf's limit functions.
>
> Imagine something like:
>
> pass in quick on $int_if from any to $int_if port smtp keep state
> (max-src-conn 1, max-src-conn-rate 2/60)
>
> This should limit an internal client to one concurrent connection
> and a maximum of 2 connections per 60 seconds and so mass mailing by
> abusing your mail gateway should be impossible.
>
> Combining this by a rule like 'block in quick on $int_if from any to
> ! $int_if port smtp' should efficiently block spam originating from
> your internal net.

Has anyone tried using a table and blocking smtp connections similar
to the ssh brute force solution that I've often seen on the list and
have been using happily for some time?

Something like:

pass in quick on $ext_if proto tcp from any to ($ext_if) port smtp keep state (max-src-conn 1, max-src-conn-rate 2/60, overload <smtp-excess> flush global)
block drop in quick on $ext_if from <smtp-excess>

Could it work and be controllable or would it make a bad situation worse?

Thanks,

ed

>
> And for the malware issues, I would like to recommend not to install
> and use malware! ;)
>
> Greetings,
>
> Volker
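
An added example, not part of the thread or of either poster's ruleset: a pf.conf fragment for the overload-table approach asked about above, with the block rule placed ahead of the quick pass rule so that sources already in the table are dropped before the pass rule can match them again. The interface name, the `<smtp-trusted>` table with its sample address, and the limit values are assumptions chosen for illustration.

```pf
# Added example; interface, table contents and limits are assumptions.
ext_if = "em0"                         # assumed external interface

# Sources that exceeded the limits; filled by the overload option below.
table <smtp-excess> persist

# Hypothetical table of relays that legitimately open many connections
# (backup MX, large providers). 192.0.2.25 is a constructed sample address.
table <smtp-trusted> persist { 192.0.2.25 }

# 1. Drop overloaded sources first. With "quick" the first matching rule
#    wins, so this has to precede the pass rules or it is never reached.
block drop in quick on $ext_if proto tcp from <smtp-excess> \
    to ($ext_if) port smtp

# 2. Trusted relays are passed without per-source limits.
pass in quick on $ext_if proto tcp from <smtp-trusted> \
    to ($ext_if) port smtp flags S/SA keep state

# 3. Everyone else is tracked per source address. A source that exceeds
#    either limit is added to <smtp-excess> and its existing states are
#    flushed. The numbers are illustrative and need tuning against real
#    traffic, because busy legitimate senders also open several
#    connections at once.
pass in quick on $ext_if proto tcp from any \
    to ($ext_if) port smtp flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 20/60, \
     overload <smtp-excess> flush global)

# Checks to run from a shell (not part of pf.conf):
#   pfctl -nf /etc/pf.conf                 parse the ruleset without loading it
#   pfctl -t smtp-excess -T show           list currently blocked sources
#   pfctl -t smtp-excess -T expire 3600    remove entries older than one hour
```

Running the expire command from cron keeps a blocked sender from staying in the table indefinitely.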