Date:      Tue, 6 Feb 2007 15:56:25 +0300
From:      Vladimir Kapustin <msgs_for_me@mail.ru>
To:        freebsd-pf@freebsd.org
Subject:   SPAMD stop passing mail from WHITE-list
Message-ID:  <859855731.20070206155625@mail.ru>
References:  E1HD4Bj-000D25-00.msgs_for_me-mail-ru@f30.mail.ru

>> 2. If I have some malware on my PC and use mail-client program. If I send the same message some times I automatically get into WHITE-list and my malware can spam as much as it must?
>
>Not really related to your spamd problem, but probably useful...
>
>If you need to limit an internal client system for sending out mail
>through your system, IMO you may also use pf's limit functions.
>
>Imagine something like:
>
>pass in quick on $int_if from any to $int_if port smtp keep state
>(max-src-conn 1, max-src-conn-rate 2/60)
>
>This should limit an internal client to one concurrent connection
>and a maximum of 2 connections per 60 seconds and so mass mailing by
>abusing your mail gateway should be impossible.
>
>Combining this with a rule like 'block in quick on $int_if from any to
>! $int_if port smtp' should efficiently block spam originating from
>your internal net.
>

Yes, it seems to be a good idea, if I can combine this method with
spamd functionality. I have a similar iptables filter on my recent
Linux gateway, but with the growth of the network its effectiveness began to
decrease.

>And for the malware issues, I would like to recommend not to install
>and use malware! ;)
>

Earlier, I caught some spammers and blocked their IPs in the LAN - it was a good
motivation to set up antivirus and other useful software.
I'm thinking about a combination (if this is possible) of these two methods
and I'd like to add some more functionality to your method:

any IP that tries to send more than max-src-conn-rate will be put in
some table, and all IPs from these tables will be automatically blocked
on the smtp port and some others - to make it more demonstrable to IP-keepers
that they have some malware.
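
The table-based blocking asked for above can be expressed with pf's `overload` option on the rate-limited rule from the quoted reply. The following pf.conf fragment is an added example, not part of the original message; the interface name, internal network, table name `<smtp_abusers>` and the extra port list are assumptions.

```pf
# Added example (not from the thread). Assumed values: em1, 192.0.2.0/24,
# the table name <smtp_abusers>, and the port list in $blocked_ports.
int_if        = "em1"                                # assumed internal interface
int_net       = "192.0.2.0/24"                       # assumed internal network
blocked_ports = "{ smtp, submission, pop3, imap }"   # "smtp port and some other"

# Sources that exceeded the limits below. "persist" keeps the table
# loaded even while it is empty.
table <smtp_abusers> persist

# 1. Hosts already in the table lose access to the listed ports.
#    This rule must precede the pass rule, because both use "quick".
block in quick on $int_if proto tcp from <smtp_abusers> to any port $blocked_ports

# 2. The rate-limited pass rule from the quoted reply, extended with overload:
#    a source that breaks either limit is added to <smtp_abusers>, and
#    "flush global" removes the states it already holds.
pass in quick on $int_if proto tcp from $int_net to $int_if port smtp \
    flags S/SA keep state \
    (max-src-conn 1, max-src-conn-rate 2/60, \
     overload <smtp_abusers> flush global)

# 3. The second rule from the quoted reply: no direct SMTP past the gateway.
block in quick on $int_if proto tcp from any to ! $int_if port smtp

# Inspect or clear the table from the shell:
#   pfctl -t smtp_abusers -T show
#   pfctl -t smtp_abusers -T delete 192.0.2.10
```

Entries stay in the table until they are removed, so a cleaned-up host has to be deleted by hand or by a periodic job. Because the limits are per source address, several clients behind one NAT address share a single budget.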



