Try the solution from Untangle. Set it up with spam filtering and as transparent bridge in between your lan and pfsense.
-Raylund -----Original Message----- From: Joe Laffey [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2008 9:52 AM To: [email protected] Subject: Re: [pfSense Support] strategies for an internet cafe On Fri, 26 Sep 2008, Vivek Khera wrote: > On Fri, Sep 26, 2008 at 8:45 AM, lartc <[EMAIL PROTECTED]> wrote: >> hi all, >> >> i've got a small internet cafe on a lan behind pfsense (soekris net >> 4801). works great. >> >> yesterday (not the first time) someone connected up their laptop, that >> started spewing spam mail. > > Just plain disallow direct to port 25 connections. There's no reason > for it for random client machines. If they need to use their own ISP > or office mail server, they can use the SMTP submission port, or a > VPN. The problem with this is that most people have no clue how to use a submission port or a VPN. So at a cafe blocking port25 will basically be tantamount to telling about 90% of your users to go away and not come to your cafe. They will go to another cafe where they can send mail without trouble. It's a tough problem because you want to block the spam without driving away your customers. You could try traffic shaping port 25. You could give it 20 seconds of high bandwidth followed by shaping down to something really slow. The bigger problem is that your ips will get blacklisted as spammers. -- Joe Laffey | Visual Effects for Film and Video LAFFEY Computer Imaging | ------------------------------------- St. Louis, MO | Show Reel http://LAFFEY.tv/?e11924 USA | ------------------------------------- . | -*- Digital Fusion Plugins -*- -------------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
