Date:      Tue, 21 Dec 2004 11:19:42 +0900
From:      Pyun YongHyeon <yongari@kt-is.co.kr>
To:        Ladislav Bodnar <distro.watch@msa.hinet.net>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Can pf block illegal relay access attempts?
Message-ID:  <20041221021942.GA4468@kt-is.co.kr>
In-Reply-To: <200412210840.42375.distro.watch@msa.hinet.net>
References:  <200412171356.34608.distro.watch@msa.hinet.net> <20041217061437.GA5119@kt-is.co.kr> <200412210840.42375.distro.watch@msa.hinet.net>

On Tue, Dec 21, 2004 at 08:40:42AM +0800, Ladislav Bodnar wrote:
 > On Friday 17 December 2004 14:14, Pyun YongHyeon wrote:
 > > On Fri, Dec 17, 2004 at 01:56:34PM +0800, Ladislav Bodnar wrote:
 > >  > Hi,
 > >  >
 > >  > Over the last 7 days my Postfix mail server received almost 80,000
 > >  > requests to relay mail to a third destination. Since it is not an open
 > >  > relay, it rejected all these requests, but it is still annoying to see
 > >  > this happening. The requests came from varying (almost 20,000
 > >  > different) IP addresses, but they had one thing in common - the
 > >  > destination address was always "$some-user-name"@infomagic.com.
 > >  >
 > >  > Is there a way to prevent these attempts to access the mail server at
 > >  > all? I only started using pf recently, so I still have a lot to learn,
 > >  > but I would appreciate any advice. Or is pf not the right tool for
 > >  > this?
 > >
 > > Try spamd in ports/mail.
 > 
 > Thank you for your suggestion.
 > 
 > I investigated spamd and found out that it blocks connections based on IP 
 > address only. Unfortunately, I generated almost 20,000 different IP 
 > addresses over the last 7 days, so I don't think the IP addresses I would 
 > block are valid. I am looking for a solution where a connection is refused 
 > based on the recipient's email address (which is always @infomagic.com). 
 > 
 > Basically I am wondering if pf can refuse a connection based on some other 
 > criteria than IP address.
 > 

As you said, pf can filter based on IP address. The IP address
information to be used comes from other criteria (e.g. greylisting
or sender/recipient's address, header information etc.)
You may want to see Daniel's page.
http://www.benzedrine.cx/relaydb.html

Using 20,000 different IP addresses is no problem at all. You will
never notice performance degradation and I believe pf's table
is more efficient than a userland database approach as far as IP
addresses are concerned. Redirecting to spamd in order to waste the
time of the spam sender or blocking the connection from the spammer's IP
address is up to you.

 > Thanks a lot.
-- 
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari	|	yongari@freebsd.org
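
Added example, not part of the original message and not code from relaydb or spamd: one way to turn the recipient-address criterion discussed in this thread into the IP list a pf table needs, by scanning Postfix reject lines for relay attempts to @infomagic.com. The log line layout, the function names and the allow list are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Postfix smtpd "Relay access denied" line: capture client IP and rcpt domain.
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9A-Fa-f:.]+)\]: \d{3} .*?"
    r"Relay access denied; .*?to=<[^>]*@(?P<domain>[^>\s]+)>"
)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Dec 20 03:12:45 mail postfix/smtpd[311]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 <bob@infomagic.com>: Relay access denied; from=<a@example.net> to=<bob@infomagic.com> proto=SMTP helo=<x>
Dec 20 03:12:51 mail postfix/smtpd[311]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 <amy@infomagic.com>: Relay access denied; from=<a@example.net> to=<amy@infomagic.com> proto=SMTP helo=<x>
Dec 20 03:13:02 mail postfix/smtpd[314]: NOQUEUE: reject: RCPT from h.example.com[198.51.100.23]: 554 <joe@INFOMAGIC.COM>: Relay access denied; from=<> to=<joe@INFOMAGIC.COM> proto=ESMTP helo=<h>
Dec 20 03:14:10 mail postfix/smtpd[320]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 <u@example.org>: Relay access denied; from=<b@example.net> to=<u@example.org> proto=SMTP helo=<y>
Dec 20 03:15:30 mail postfix/smtpd[322]: NOQUEUE: reject: RCPT from lan[10.0.0.5]: 554 <t@infomagic.com>: Relay access denied; from=<me@example.net> to=<t@infomagic.com> proto=SMTP helo=<lan>
Dec 20 03:16:00 mail postfix/smtpd[325]: connect from unknown[203.0.113.50]
"""

def relay_offenders(lines, domain="infomagic.com", min_hits=1, allow=()):
    """Return client IPs rejected at least min_hits times for relaying to domain."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m or m.group("domain").lower() != domain.lower():
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the log: never pass it on to pf
        if any(ip in net for net in allowed):
            continue  # keep our own hosts out of the block table
        hits[ip] += 1
    keep = [ip for ip, n in hits.items() if n >= min_hits]
    return [str(ip) for ip in sorted(keep, key=lambda a: (a.version, int(a)))]

def pf_table_file(ips):
    """One address per line, the format pf reads for a table file."""
    return "".join(ip + "\n" for ip in ips)

if __name__ == "__main__":
    offenders = relay_offenders(SAMPLE_LOG.splitlines(), allow=("10.0.0.0/8",))
    print(pf_table_file(offenders), end="")
```

The output file can be loaded into a table with `pfctl -t relay_abusers -T replace -f <file>`, where the table name `relay_abusers` is a hypothetical choice; whether the rule using that table blocks the source or redirects it to spamd is the decision the reply leaves to the administrator.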


