Re: iptables equivalent

2010-06-23 Thread krad
On 22 June 2010 20:36, Erik Norgaard wrote:

> On 21/06/10 20.06, pete wright wrote:
>
>> On Jun 21, 2010, at 10:28 AM, Jean-Paul Natola wrote:
>>>
>>> I'm particularly trying to implement some type of rate control as we
>>> are getting hammered by spam.
>>>
>> I'd humbly suggest pf + spamd if you are concerned specifically about
>> stopping spam, both are supported by freebsd and i have had great
>> success using these tools to combat spam.
>>
>
> spamd does not stop spam. It is intended to increase the cost of sending
> spam at little cost to your server by keeping the spammer busy trying.
>
> If you're concerned with blocking spam from a limited set of known sources,
> then you can create block lists in your firewall. If you know that you will
> not receive legitimate mails from certain countries, you can block their
> assigned IP ranges.
>
> If you're trying to block large number of unknown sources, then I suggest
> subscribing to spamhaus' lists and configure your server to adhere strictly
> to the protocols.
>
> You may wish to subscribe to lists of dynamic ip-ranges. These are often
> considered spam sources hosting a large number of bot-nets. However, you may
> also block mail from legitimate servers run by people who like to run their
> own home server - such as FreeBSD users.
>
> There is only limited benefit of some kind of rate control and I believe
> that such controls must be implemented in your mail server. Implementing
> rate control may also delay legitimate mail, and depending on how you do
> it, spammers may even cause a DOS against your server.
>
> Anyway, to avoid spammers eating up server resources, check your server
> config:
>
> 1. ensure that the spam decision is reached as fast as possible
> 2. consider early whitelisting of the most common legitimate mail sources
> 3. DNS block lists should be last as they add additional delay, possibly
> you can configure a local dns cache to shorten delay
>
> BR, Erik
> --
> Erik Nørgaard
> Ph: +34.666334818/+34.915211157  http://www.locolomo.org
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscr...@freebsd.org"
>


True, spamd doesn't block spam, it rates it. However, these ratings on host can
be used to build an IP list which can be applied to a pf table.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
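
Added example, not part of the thread: one way to turn per-host ratings into an address list that pf can load into a table. The log format, `THRESHOLD`, `MIN_HITS`, the `NEVER_BLOCK` list and the table name `spammers` are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "<source ip> <score>" per message, as a content filter
# might log it. The format and the two limits below are assumptions.
SAMPLE = """\
203.0.113.7 9.1
203.0.113.7 8.4
203.0.113.7 7.9
198.51.100.20 6.5
198.51.100.21 9.9
198.51.100.21 9.7
198.51.100.21 x
192.0.2.5 9.0
192.0.2.5 9.3
"""
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]  # constructed: own relays
THRESHOLD = 7.0   # a message scoring at or above this counts as a hit
MIN_HITS = 2      # hits required before a host is listed

def build_table(lines, never_block=NEVER_BLOCK):
    """Return sorted addresses with at least MIN_HITS high-scoring messages."""
    hits = defaultdict(int)
    for line in lines:
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
            score = float(parts[1])
        except (IndexError, ValueError):
            continue  # skip malformed lines rather than block on bad data
        if score >= THRESHOLD:
            hits[addr] += 1
    bad = [a for a, n in hits.items()
           if n >= MIN_HITS and not any(a in net for net in never_block)]
    return [str(a) for a in sorted(bad, key=lambda a: (a.version, int(a)))]

def write_table(path, addrs):
    """Write one address per line, the file format pfctl reads for tables."""
    with open(path, "w") as fh:
        fh.write("\n".join(addrs) + "\n")

if __name__ == "__main__":
    # Load the result with: pfctl -t spammers -T replace -f <path>
    print("\n".join(build_table(SAMPLE.splitlines())))
```

The `NEVER_BLOCK` check keeps known legitimate senders out of the table even when their mail scores badly.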


Re: iptables equivalent

2010-06-22 Thread Erik Norgaard

On 21/06/10 20.06, pete wright wrote:

> On Jun 21, 2010, at 10:28 AM, Jean-Paul Natola wrote:
>
>> I'm particularly trying to implement some type of rate control as we are
>> getting hammered by spam.
>
> I'd humbly suggest pf + spamd if you are concerned specifically about
> stopping spam, both are supported by freebsd and i have had great
> success using these tools to combat spam.

spamd does not stop spam. It is intended to increase the cost of sending
spam at little cost to your server by keeping the spammer busy trying.


If you're concerned with blocking spam from a limited set of known 
sources, then you can create block lists in your firewall. If you know 
that you will not receive legitimate mails from certain countries, you 
can block their assigned IP ranges.


If you're trying to block large number of unknown sources, then I 
suggest subscribing to spamhaus' lists and configure your server to 
adhere strictly to the protocols.


You may wish to subscribe to lists of dynamic ip-ranges. These are often 
considered spam sources hosting a large number of bot-nets. However, you
may also block mail from legitimate servers run by people who like to 
run their own home server - such as FreeBSD users.


There is only limited benefit of some kind of rate control and I believe 
that such controls must be implemented in your mail server. Implementing 
rate control may also delay legitimate mail, and depending on how you
do it, spammers may even cause a DOS against your server.


Anyway, to avoid spammers eating up server resources, check your server 
config:


1. ensure that the spam decision is reached as fast as possible
2. consider early whitelisting of the most common legitimate mail sources
3. DNS block lists should be last as they add additional delay, possibly 
you can configure a local dns cache to shorten delay


BR, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157  http://www.locolomo.org
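
Added example, not part of the thread: the check ordering from the three-point list above, with the cheap local decisions first and the DNS block list consulted last behind a cache. The allow and block ranges are constructed, `zen.spamhaus.org` is assumed as the zone in use, and `fake_resolver` replaces real DNS so the block runs offline. IPv4 only.

```python
import ipaddress
import socket

# Constructed policy data for illustration only.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/28")]        # known-good relays
LOCAL_BLOCK = [ipaddress.ip_network("198.51.100.0/24")]   # locally blocked range
DNSBL_ZONE = "zen.spamhaus.org"

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """IPv4 DNSBL query name: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_resolve(name):
    """Live lookup: listed hosts resolve to 127.0.0.x, unlisted ones do not."""
    try:
        return socket.gethostbyname(name).startswith("127.0.0.")
    except socket.gaierror:
        return False

class Checker:
    def __init__(self, resolve=dns_resolve):
        self.resolve = resolve   # callable(name) -> True if listed
        self.cache = {}          # stands in for a local caching resolver
        self.lookups = 0         # DNS queries actually sent

    def listed(self, ip):
        name = dnsbl_name(ip)
        if name not in self.cache:
            self.lookups += 1
            self.cache[name] = self.resolve(name)
        return self.cache[name]

    def decide(self, ip):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in ALLOWLIST):          # 1. early allow
            return "accept"
        if any(addr in net for net in LOCAL_BLOCK):        # 2. local block list
            return "reject"
        return "reject" if self.listed(ip) else "accept"   # 3. DNSBL last

def fake_resolver(name):
    """Offline stand-in for DNS: one constructed listed host."""
    return name == "7.113.0.203.zen.spamhaus.org"

if __name__ == "__main__":
    c = Checker(fake_resolver)
    for ip in ("192.0.2.5", "198.51.100.9", "203.0.113.7", "203.0.113.7"):
        print(ip, c.decide(ip), "dns lookups so far:", c.lookups)
```

The `lookups` counter shows that allowed and locally blocked sources never trigger a DNS query, and that a repeated source is answered from the cache.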


Re: iptables equivalent

2010-06-21 Thread pete wright
On Mon, Jun 21, 2010 at 10:34 AM, Chuck Swiger wrote:
> Hi--
>
> On Jun 21, 2010, at 10:28 AM, Jean-Paul Natola wrote:
>> I'm looking for FREEBSD's equivalent of iptables
>>
>> I'm particularly trying to implement some type of rate control as we are
>> getting hammered by spam.
>
> The three major choices available with FreeBSD are documented here:
>
>  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
>

I'd humbly suggest pf + spamd if you are concerned specifically about
stopping spam, both are supported by freebsd and i have had great
success using these tools to combat spam.

-pete


-- 
pete wright
www.nycbug.org


Re: iptables equivalent

2010-06-21 Thread Chuck Swiger
Hi--

On Jun 21, 2010, at 10:28 AM, Jean-Paul Natola wrote:
> I'm looking for FREEBSD's equivalent of iptables
> 
> I'm particularly trying to implement some type of rate control as we are
> getting hammered by spam.

The three major choices available with FreeBSD are documented here:

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

Regards,
-- 
-Chuck



iptables equivalent

2010-06-21 Thread Jean-Paul Natola
I'm looking for FREEBSD's equivalent of iptables

I'm particularly trying to implement some type of rate control as we are
getting hammered by spam.


Any and all help would be greatly appreciated


