On Thu, May 28, 2020 at 12:06:18PM +0200, Marko Cupać wrote: > On 2020-05-27 14:27, Walter Alejandro Iglesias wrote: > > Another question about pf. > > > > Perhaps I don't fully understand how connection rate is calculated. > > > > The following line in /etc/pf.conf: > > > > pass in log inet proto tcp to any port { smtp smtps } synproxy state > > \ > > (max-src-conn-rate 5/30, overload <smtp> flush global) > > > > Shouldn't avoid this happen? > > > > In /var/log/maillog > > ... > > A total of *323* connections from the same IP at less than a 1/4 second > > interval during more than four minutes. > > If I'm not mistaken (someone please correct me if I'm wrong), 323 > connections in maillog is not the same as 323 tcp connections. You can > send 323 smtp commands in single tcp session.
That's been my suspicion so far, that's why I didn't ask this question here before. I have to study how smtp connections work, if you're right, then that's what's happening. > > Perhaps you should look into https://man.openbsd.org/spamd to achieve > your goal. What I do is enough to keep mail spam under control in my case. My doubt was mostly technical. > > -- > Before enlightenment - chop wood, draw water. > After enlightenment - chop wood, draw water. > > Marko Cupać > https://www.mimar.rs/ Thanks Marko!