Greetings.
I don't understand some things.
your machine is a mail relay/server, or you haved a host without any firewall
between him and the internet?
In the first case, you'll should prefer setting greylisting / tarpitting at
minimum, feeding a firewall table for blacklisting is a neverending story
(plus, there is some real chance blocking real MX relays).
and in the second case a basic pf configuration blocking any incoming attempts
like:
set skip lo0 # skipping any filtering on lo0
ext_iface="your_network_card_connected_to_internet"
pass out quick on $ext_iface all
block log quick on $ext_iface all
should be sufficient.
for more information about optimizations, man (5) pf.conf should do the trick.
regards.
> Message du 29/03/17 22:05
> De : "Chris H"
> A : "FreeBSD pf"
> Copie à :
> Objet : When should I worry about performance tuning?
>
> OK. My association with FreeBSD has made me a prime
> target for every male hormone distributor on the net.
> Fact is; I can guarantee ~89 SPAM attempts in under 5
> minutes, after creating a pr on bugzilla. At first I
> was angry, and frustrated. But decided to make it a
> challenge/contest, and see my way to thwarting their
> attacks. Long story short; I think I'm on the right
> track; In just over a month, I've managed to trap
> just under 3 million (2,961,264) *bonafide* SPAM sources.
> I've been honing, and tuning my approach to insure that
> there are zero false positives, and at the same time,
> make it more, and more efficient.
> So now that I'm dropping packets from *so* many IP's
> I'm wondering if it's not time to better tune pf(4).
> I've never worked pf hard enough to do any more than
> create a table, and a few simple rules. But I think I
> need to do more.
> Here's the bulk of what I'm using now:
>
> ###################################
> set loginterface re0
> set block-policy drop
> set fingerprints "/etc/pf.os"
> scrub in all
> set skip on lo0
> antispoof quick for lo0
> antispoof for re0 inet
>
> table persist file "/etc/SPAMMERS"
> block in log quick on re0 proto tcp from to port {smtp, submission,
> pop3, imap, imaps}
> ###################################
>
> Would set optimization be warranted?
> Any thoughts, or advice greatly appreciated!
>
> --Chris
>
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
>
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
