On 27.02.2013 21:45, francis picabia wrote:
> I had a set of cascading iptables rules to rate limit new connections,
> but they circumvented this as well. Based on the IP, there were 5 connections
> per minute and 15 connections per 5 minutes. If those were exceeded, iptables
> would block that IP for 20 minutes.

This is bullshit. If you were my mail admin I would call you something not
friendly: 15 connections, and so 15 messages, per 5 minutes? Thank you, if I
check my mails in the morning and reply to at least 50 of them during my first
coffee.

Things like the following are working much better, because an average over
30 minutes allows natural peaks:

anvil_rate_time_unit = 1800s
smtpd_client_connection_rate_limit = 80

> Over 390 unique IPs simultaneously sent email at a gradual rate using 3 sets
> of compromised credentials.
>
> I looked at one IP, and it connected 59 times over 2 hours, sending one
> recipient per email.
>
> If that is indicative, then 59 * 390 = 23128 email.
>
> It looks like we need something which limits based on the authenticating
> sender connection counts, not IP or recipient count

or get rid of users which are compromised
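As an added example (it is not from this thread and not part of Postfix): the anvil counters behind smtpd_client_connection_rate_limit are keyed by client IP, which is exactly why a per-IP limit misses three accounts spread over 390 IPs. Postfix smtpd logs a sasl_username= field for every authenticated submission, so the "limit based on the authenticating sender" the poster asks for can be done as detection over the log. The script below groups those lines by account and flags any account that exceeds a distinct-IP or message-count threshold inside a sliding window. The log lines, the thresholds, the hostnames and the year handed to the parser (syslog timestamps carry none) are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of Postfix smtpd log lines (not real traffic). Only lines
# carrying a "sasl_username=" field describe an authenticated submission; the
# bare "connect from" line is there to show that other lines are skipped.
SAMPLE_LOG = """\
Feb 27 21:40:01 mx postfix/smtpd[1001]: 1A2B3C: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.org
Feb 27 21:40:30 mx postfix/smtpd[1002]: connect from unknown[203.0.113.5]
Feb 27 21:41:12 mx postfix/smtpd[1002]: 4D5E6F: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.org
Feb 27 21:42:40 mx postfix/smtpd[1003]: 7A8B9C: client=unknown[203.0.113.21], sasl_method=PLAIN, sasl_username=alice@example.org
Feb 27 21:43:03 mx postfix/smtpd[1004]: 0D1E2F: client=office.example.org[192.0.2.50], sasl_method=LOGIN, sasl_username=bob@example.org
Feb 27 21:44:55 mx postfix/smtpd[1001]: 3A4B5C: client=unknown[198.51.100.99], sasl_method=PLAIN, sasl_username=alice@example.org
Feb 27 21:45:17 mx postfix/smtpd[1005]: 6D7E8F: client=office.example.org[192.0.2.50], sasl_method=LOGIN, sasl_username=bob@example.org
Feb 27 21:47:02 mx postfix/smtpd[1002]: 9A0B1C: client=unknown[192.0.2.200], sasl_method=PLAIN, sasl_username=alice@example.org
Feb 27 21:48:39 mx postfix/smtpd[1006]: 2D3E4F: client=unknown[203.0.113.77], sasl_method=PLAIN, sasl_username=alice@example.org
Feb 27 21:49:10 mx postfix/smtpd[1005]: 5A6B7C: client=office.example.org[192.0.2.50], sasl_method=LOGIN, sasl_username=bob@example.org
"""

# syslog timestamp, host, smtpd pid, queue id, client=name[ip], sasl fields
LOG_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: '
    r'(?P<qid>\w+): client=[^\[\s]+\[(?P<ip>[^\]]+)\], '
    r'sasl_method=\S+, sasl_username=(?P<user>\S+)$'
)


def parse(lines, year):
    """Yield (timestamp, client_ip, sasl_username) for authenticated submissions.

    The year is an assumption supplied by the caller: syslog lines omit it.
    """
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unauthenticated or unrelated line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m['ip'], m['user']


def flag_accounts(log_text, window_s=3600, max_ips=5, max_msgs=50, year=2013):
    """Return {sasl_username: details} for accounts that, inside any window of
    window_s seconds, authenticated from more than max_ips distinct client IPs
    or submitted more than max_msgs messages. Thresholds are assumptions; tune
    them to what a real user of the server does during a morning's mail."""
    events = defaultdict(list)  # user -> [(ts, ip), ...]
    for ts, ip, user in parse(log_text.splitlines(), year):
        events[user].append((ts, ip))

    flagged = {}
    for user, evs in events.items():
        evs.sort()
        window = deque()  # events no older than window_s relative to the newest
        for ts, ip in evs:
            window.append((ts, ip))
            while (ts - window[0][0]).total_seconds() > window_s:
                window.popleft()
            ips = {i for _, i in window}
            if len(ips) > max_ips or len(window) > max_msgs:
                flagged[user] = {
                    "distinct_ips": len(ips),
                    "messages": len(window),
                    "at": ts.isoformat(),
                }
                break  # first threshold breach is enough to report the account
    return flagged


if __name__ == "__main__":
    for user, info in sorted(flag_accounts(SAMPLE_LOG).items()):
        print(f"{user}: {info['distinct_ips']} IPs, {info['messages']} msgs "
              f"in window ending {info['at']}")
```

On the sample, alice is reported once her sixth distinct source address appears within the hour, while bob, sending three messages from the one office address, is not. A one-hour window with a distinct-IP threshold is the part worth keeping: the 59-connections-in-2-hours pattern from the thread stays under any sane per-IP limit, but the same credential showing up from hundreds of addresses does not look like a person drinking coffee.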