On 2020-05-27 14:27, Walter Alejandro Iglesias wrote:
Another question about pf.
Perhaps I don't fully understand how connection rate is calculated.
The following line in /etc/pf.conf:
pass in log inet proto tcp to any port { smtp smtps } synproxy state
\
(max-src-conn-rate 5/30, overload <smtp> flush global)
Shouldn't avoid this happen?
In /var/log/maillog
...
A total of *323* connections from the same IP at less than a 1/4 second
interval during more than four minutes.
If I'm not mistaken (someone please correct me if I'm wrong), 323
connections in maillog is not the same as 323 tcp connections. You can
send 323 smtp commands in single tcp session.
Perhaps you should look into https://man.openbsd.org/spamd to achieve
your goal.
--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.
Marko Cupać
https://www.mimar.rs/
