On Thu, May 28, 2020 at 12:06:18PM +0200, Marko Cupać wrote:
> On 2020-05-27 14:27, Walter Alejandro Iglesias wrote:
> > Another question about pf.
> > 
> > Perhaps I don't fully understand how connection rate is calculated.
> > 
> > The following line in /etc/pf.conf:
> > 
> >   pass in log inet proto tcp to any port { smtp smtps } synproxy state \
> >     (max-src-conn-rate 5/30, overload <smtp> flush global)
> > 
> > Shouldn't this prevent the following from happening?
> > 
> > In /var/log/maillog
> > ...
> > A total of *323* connections from the same IP at less than a 1/4 second
> > interval during more than four minutes.
> 
> If I'm not mistaken (someone please correct me if I'm wrong), 323 
> connections in maillog is not the same as 323 tcp connections. You can 
> send 323 smtp commands in single tcp session.

That's been my suspicion so far; that's why I didn't ask this question
here before.  I have to study how smtp connections work; if you're
right, then that's what's happening.

> 
> Perhaps you should look into https://man.openbsd.org/spamd to achieve 
> your goal.

What I do is enough to keep mail spam under control in my case.  My
doubt was mostly technical.


> 
> -- 
> Before enlightenment - chop wood, draw water.
> After  enlightenment - chop wood, draw water.
> 
> Marko Cupać
> https://www.mimar.rs/


Thanks Marko!
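
One way to check the question raised in this thread, as an added example that is not part of the original messages: count, per source IP, how many maillog lines there are versus how many new SMTP sessions were opened, and the peak number of new sessions in any 30 seconds. It assumes OpenSMTPD-style log lines (the thread elides the real maillog), the sample log is constructed, and the plain sliding window is only an approximation of pf's own rate accounting.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed OpenSMTPD-style format: "<date> <host> smtpd[pid]: <session-id> smtp <event> ..."
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ smtpd\[\d+\]: (\w+) smtp (\S+)(?: address=(\S+))?")

def analyse(log_text, window=30, year=2020):
    """Per source IP: log lines, TCP sessions, peak new sessions in any `window` seconds."""
    ip_of = {}                                   # session id -> source IP
    stats = defaultdict(lambda: {"lines": 0, "sessions": 0, "peak": 0})
    recent = defaultdict(deque)                  # IP -> timestamps of recent connects
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, sid, event, addr = m.groups()
        if event == "connected" and addr:
            ip_of[sid] = addr
        ip = ip_of.get(sid)
        if ip is None:
            continue                             # session began before this excerpt
        s = stats[ip]
        s["lines"] += 1
        if event == "connected":                 # one "connected" line == one TCP session
            now = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
            q = recent[ip]
            q.append(now)
            while (now - q[0]).total_seconds() >= window:
                q.popleft()
            s["sessions"] += 1
            s["peak"] = max(s["peak"], len(q))
    return dict(stats)

def over_limit(stats, limit=5):
    """IPs whose new-session count in one window exceeded `limit` (the rule uses 5/30)."""
    return sorted(ip for ip, s in stats.items() if s["peak"] > limit)

# Constructed sample: one chatty session from 203.0.113.9, seven quick sessions from 198.51.100.7.
SAMPLE = "\n".join(
    ["May 27 10:00:00 mx smtpd[411]: a1 smtp connected address=203.0.113.9 host=a.example"]
    + [f'May 27 10:00:0{i} mx smtpd[411]: a1 smtp failed-command command="RCPT TO:<u{i}@example.org>" result="550"'
       for i in range(1, 6)]
    + [f"May 27 10:01:{2*i:02d} mx smtpd[411]: b{i} smtp connected address=198.51.100.7 host=b.example"
       for i in range(7)]
)

if __name__ == "__main__":
    stats = analyse(SAMPLE)
    print(stats, "over 5/30:", over_limit(stats))
```

If the "sessions" and "peak" figures for an address stay at or below the limit while "lines" is large, the log volume comes from commands inside few TCP sessions; if "peak" exceeds the limit, the address should have landed in the overload table.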
