Re: SPAMD stop passing mail from WHITE-list

[[EMAIL PROTECTED]]

Quoting Volker <[EMAIL PROTECTED]>:

On 12/23/-58 20:59, ;048<8@ 0?CAB8= wrote:
2. If i have some malware on my PC and use mail-client program. If  
I send the same message some times I automatically get into  
WHITE-list and my malware can spam as much as it must?

Not really related to your spamd problem, but probably useful...

If you need to limit an internal client system for sending out mail
through your system, IMO you may also use pf's limit functions.

Imagine something like:

pass in quick on $int_if from any to $int_if port smtp keep state
(max-src-conn 1, max-src-conn-rate 2/60)

This should limit an internal client to one concurrent connection
and a maximum of 2 connections per 60 seconds and so mass mailing by
abusing your mail gateway should be impossible.

Combining this by a rule like 'block in quick on $int_if from any to
! $int_if port smtp' should efficiently block spam originating from
your internal net.

Has anyone tried using a table and blocking smtp connections similar  
to the ssh brute force solution that I've often seen on the list and  
have been using happily for some time?

Something like:

pass in quick on $ext_if proto tcp from any to ($ext_if) port smtp keep state
      (max-src-conn 1, max-src-conn-rate 2/60, overload <smtp-excess>  
flush global)
block drop in quick on $ext_if from <smtp-excess>

Could it work and be controlable or would it make a bad situation worse?

Thanks,

ed


And for the malware issues, I would like to recommend not to install
and use malware! ;)

Greetings,

Volker



_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"