I saw an older thread where someone asked about this, but it applied to
a web server.
I'm seeing a jump in the number of botnet SMTP floods on my system, and
it's time to implement something more proactive. Since I use PF,
that's the logical place to start... (and I'm relatively new to PF).
Are there any ways to detect and/or limit the number of connections
coming in per IP, or act according to some other action (maybe a script
watching the SMTP logs)?
I'm using Sendmail 8.13 now, and its connection throttling works fine
in denying the transactions. But I want to block the traffic, too.
Most of it is from dynamic address space, so I really don't care if
those are blocked outright.
I'm also using PF on FreeBSD-6, FYI. There may be some other tool that
someone's written to handle this, that I've not yet located (I will be
looking!).
Thanks!
- PF Connection Throttling (prevent DoS) Forrest Aldrich