DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 15th February 2012
gpatrick gpatrick is offline
Spam Deminer
 
Join Date: Nov 2009
Posts: 245
Default pf and blocking on smtp

I'm using OpenSMTPD for my mail server which is a pleasure compared to Sendmail. At times in my maillog there are attempts made to relay mail from various IPs. Can I add a rule like the one below to stifle any further attempts from that IP? I realize the IPs may and probably will change, but I'd like to add any extra protection I can. I'm currently blocking IPs from N Korea, China, and certain other countries.

Code:
pass quick proto tcp from any to any port 25 \
        flags S/SA keep state \
        (max-src-conn 15, max-src-conn-rate 5/3, \
        overload <bruteforce> flush global)
Reply With Quote
  #2   (View Single Post)  
Old 15th February 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

This will only add IP addresses that match your stateful tracking rule. If the single IP is not flooding your site with new connections, this is unlikely to trip. Have you considered spamd(8)?
Reply With Quote
  #3   (View Single Post)  
Old 15th February 2012
gpatrick gpatrick is offline
Spam Deminer
 
Join Date: Nov 2009
Posts: 245
Default

Thanks for the spamd recommendation. It completely slipped my mind although at one time it was on my list to implement.
Reply With Quote
  #4   (View Single Post)  
Old 15th February 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Default

Quote:
I'm currently blocking IPs from N Korea, China, and certain other countries
wow interesting .. gpatrick, could you please share with us how you did this ? maybe in a new thread .. I am interested to learn about this .. thank you
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix and Dovecot SMTP auth configuration hints J65nko OpenBSD Packages and Ports 0 5th February 2010 02:53 AM
SMTP on non-standard port guitarscn OpenBSD General 7 19th July 2009 12:54 AM
Smtp Auth Help needed roundkat OpenBSD General 4 8th May 2009 08:25 PM
pf blocking php mail ijk FreeBSD Security 7 30th October 2008 08:33 PM
PF Blocking schrodinger OpenBSD Security 6 6th October 2008 10:33 PM


All times are GMT. The time now is 06:05 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick