Thank you both for the quick reply
All is clear now
Regards

------Original message------
From: Peter N. M. Hansteen
Sender: Peter N. M. Hansteen,,,
To: Gilles Chehade
Cc: michalzient...@gmail.com
Cc: misc@opensmtpd.org
Subject: Re: Question
Sent: 19 May 2015 09:50

On Tue, May 19, 2015 at 09:10:59AM +0200, Gilles Chehade wrote:
> OpenSMTPD does not support "bad rcpt throttling" as a specific mechanism
> but supports a more generic "bad command throttling" where a bad command
> is any command that has not helped move the session forward.
> 
> If you accumulate enough bad commands in a row and that your session has
> not moved forward, you get kicked, which is a hard disconnect.
> See bottom of this mail.
> 
> Bad clients can then be blocked with a packet filter (just an example):
> 
> pass inet proto tcp from any to any port smtp flags S/SA keep state \
>             (max-src-conn 10, max-src-conn-rate 15/5, overload <bruteforce> flush global)

On OpenBSD at least, it should also be possible to periodically run a script
that parses smtpd logs for the IP addresses of misbehaving hosts and calls
spamdb(8) to add those to spamd(8)'s local greytrap blacklist. In my setup I
have some of that as well as automatic harvesting of bad addresses in the
local domains for inclusion in the local traplist (see eg [1] and references
therein).

Also, for the bruteforce table members, I have accumulated some anecdotal
evidence that 'block drop from <bruteforce> probability 90%' may have them
shut up faster than just your regular block drop (but further studies and
data massaging are required for firm conclusions).

[1] http://www.bsdly.net/~peter/traplist.shtml

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
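
A sketch of the log-parsing step described in the message above, as an added example that is not part of the original thread or of either poster's setup. The smtpd log line layout, the names `bad_hosts`, `trap_hosts` and `sample_log`, and the `THRESHOLD` value are assumptions; `spamdb -t -a` is the spamdb(8) invocation that adds a TRAPPED entry.

```shell
#!/bin/sh
# Log layout is CONSTRUCTED for this example; adjust both patterns to the
# lines your smtpd version really writes.
CONNECT_RE='New session [0-9a-f]+ from host'    # assumed connect line
FAIL_RE='Failed command on session [0-9a-f]+'   # assumed failure line
THRESHOLD=3                                     # failures before trapping

# bad_hosts: smtpd log on stdin -> IPv4 addresses with >= THRESHOLD failures
bad_hosts() {
    awk -v conn="$CONNECT_RE" -v fail="$FAIL_RE" -v min="$THRESHOLD" '
    function sid(line) {   # hex id following the word "session"
        if (!match(line, /session [0-9a-f]+/)) return ""
        return substr(line, RSTART + 8, RLENGTH - 8)
    }
    $0 ~ conn {            # remember which address owns the session
        id = sid($0)
        if (id != "" && match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/))
            ip[id] = substr($0, RSTART + 1, RLENGTH - 2)
        next
    }
    $0 ~ fail {            # charge the failure to that address
        id = sid($0)
        if (id in ip) hits[ip[id]]++
    }
    END { for (a in hits) if (hits[a] >= min) print a }
    ' | sort
}

# trap_hosts: add each address on stdin as a TRAPPED entry in the spamd
# database. SPAMDB="echo spamdb" gives a dry run.
trap_hosts() {
    while read -r addr; do
        ${SPAMDB:-spamdb} -t -a "$addr"
    done
}

# sample_log: constructed log lines using documentation addresses only
sample_log() {
    cat <<'EOF'
May 19 09:01:02 mx smtpd[4242]: smtp-in: New session 00000000000000a1 from host bad.example [192.0.2.10]
May 19 09:01:03 mx smtpd[4242]: smtp-in: Failed command on session 00000000000000a1: "RCPT TO:<a@example.org>" => 550
May 19 09:01:04 mx smtpd[4242]: smtp-in: Failed command on session 00000000000000a1: "RCPT TO:<b@example.org>" => 550
May 19 09:01:05 mx smtpd[4242]: smtp-in: Failed command on session 00000000000000a1: "RCPT TO:<c@example.org>" => 550
May 19 09:02:00 mx smtpd[4242]: smtp-in: New session 00000000000000b2 from host ok.example [198.51.100.7]
May 19 09:02:01 mx smtpd[4242]: smtp-in: Failed command on session 00000000000000b2: "RCPT TO:<typo@example.org>" => 550
EOF
}
# cron use: bad_hosts < /var/log/maillog | trap_hosts
```

Failures are counted per address rather than per session, so a host that reconnects after each kick still reaches the threshold, while a client with a single mistyped recipient does not.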
