I believe you need to change the "from any port smtp" in the pass line to "to any port smtp". Otherwise pf is looking for packets originating on port 25 and most mailers use a much larger port for sending mail. You want to look for the destination port 25.
-- Doug

> On Sep 1, 2017, at 23:24, Chris H <bsd-li...@bsdforge.com> wrote:
>
> On Fri, 1 Sep 2017 08:21:10 +1000 (EST) Dave Horsfall <d...@horsfall.org> wrote
>
>> Hmmm, no replies. Does this mean that no-one is using this useful
>> feature, is using it but is not willing to share, or it's known not to
>> work at all and are too embarrassed to say so?
>
> Hello, Dave.
>
> I'm not going to pretend that one size fits all, and neither
> should you.
> But you asked, so I'll throw you something that you can experiment
> with that can work, in the right pf.conf(5) arrangement.
>
> -----------------------------------------------------------------
> # Cleanse every so often with "pfctl -t woodpeckers -T expire seconds".
> #
> table <woodpeckers> persist
>
> block in log quick on $ext_if from <woodpeckers>
>
> # No more than 10/IP, or 5/minute should be plenty.
> pass inet proto tcp from any port smtp \
>     flags S/SA keep state \
>     (max-src-conn 10, max-src-conn-rate 5/60, \
>     overload <woodpeckers> flush global)
> -----------------------------------------------------------------
>
> I've seen other clever, or exotic arrangements as well.
> A search on the net for pf woodpecker, and similar should
> return them.
>
> HTH
>
> --Chris
>
>>
>> --
>> Dave Horsfall DTM (VK2KFU) "Those who don't understand security will
>> suffer."
>>
>> ---------- Forwarded message ----------
>> Date: Wed, 16 Aug 2017 07:37:36 +1000 (EST)
>> From: Dave Horsfall <d...@horsfall.org>
>> To: FreeBSD PF List <freebsd-pf@freebsd.org>
>> Subject: Help with woodpecker config
>>
>> I get a lot of woodpecker attempts on my mailserver i.e. a connection gets
>> rejected for a variety of reasons (I have some fairly savage anti-spam
>> measures) and they retry straight away. I've played with the "N connects
>> in M seconds" stuff but cannot seem to get it to work (FreeBSD 10.3).
>>
>> Does anyone have a working config that they can share, to give me a leg up?
>>
>> Thanks.
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
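The rule from the thread with Doug's correction applied, as an added example that is not part of any message above. It assumes the external interface is em0 (the `ext_if` macro is an assumption, not from the thread) and narrows the pass rule to inbound traffic on that interface so the per-source limits are applied only to remote clients connecting to this host.

```pf
# Added example, not from the thread. Assumes the external interface is em0.
ext_if = "em0"

# Offending hosts are collected here; persist keeps the table across reloads.
table <woodpeckers> persist

# Drop and log anything already on the list before any other rule is tried.
block in log quick on $ext_if from <woodpeckers>

# As posted: "from any port smtp" matches packets whose SOURCE port is 25.
# Connecting clients use a high ephemeral source port, so this rule never
# creates the states the limits are counted on, and the table stays empty.
#   pass inet proto tcp from any port smtp flags S/SA keep state \
#       (max-src-conn 10, max-src-conn-rate 5/60, overload <woodpeckers> flush global)

# Corrected: match inbound connections whose DESTINATION port is 25.
#   max-src-conn 10        at most 10 concurrent states per source address
#   max-src-conn-rate 5/60 at most 5 new connections per source per 60 s
#   overload ... flush global  a source that exceeds either limit is added
#                              to <woodpeckers> and all its states are killed
pass in on $ext_if inet proto tcp to any port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
    overload <woodpeckers> flush global)
```

Inspect the table with `pfctl -t woodpeckers -T show`, and age out entries older than an hour with `pfctl -t woodpeckers -T expire 3600` from cron so a retrying host is not blocked forever.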