Hi,
The firewall setup we have seems to work but perhaps a little better than was needed. As you see from the code below, $mail contains ports 25, 110, 143, 587, 993, 995.
The goal is to stop massive pop3 and imap failed logins, since these logins are just scripts trying to make use of a mail server on the Internet.
Code:
pass in on $ext_if proto tcp from any to any port $mail flags S/SA synproxy state \
(max-src-conn-rate 9/15, overload <naughty> flush global)
The problem is that clients that have, say, 10 or more email accounts on this mail server are going to fall into the naughty table, because it says 9 connections from the same IP in 15 seconds.
Same thing if someone has an email list and it sends out to a lot of people who happen to be on our email server.
Perhaps the code above has to be changed and break up $mail and have it more finely tuned?
Thanks in advance for your response.
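One way to split $mail as the post suggests, as an added pf.conf example that is not the poster's own configuration: SMTP/submission and POP3/IMAP get separate rules and separate limits, known heavy clients bypass the limiter through a table, and the brute-force rule only flushes its own states. The interface name, the <trusted_clients> table and its file, and the 30/15 rate are assumptions chosen for illustration.

```pf
ext_if    = "em0"                              # assumed external interface
mail      = "{ 25, 110, 143, 587, 993, 995 }"  # all mail ports, for the block rule
mail_smtp = "{ 25, 587 }"                      # MTA-to-MTA and submission
mail_imap = "{ 110, 143, 993, 995 }"           # POP3/IMAP, the brute-force target

table <naughty> persist
# Assumed: one address or network per line, e.g. the office NAT gateway
# with many mailboxes, or a list server that delivers to local users.
table <trusted_clients> persist file "/etc/pf.trusted"

# Anything already overloaded is dropped on every mail port.
block in quick on $ext_if proto tcp from <naughty> to any port $mail

# Known clients are never counted against the rate limit.
pass in quick on $ext_if proto tcp from <trusted_clients> to any port $mail \
    flags S/SA synproxy state

# SMTP/submission: a legitimate MTA with a queue for our domain opens
# many connections in a short time, so the limit is much looser here.
pass in on $ext_if proto tcp from any to any port $mail_smtp \
    flags S/SA synproxy state \
    (max-src-conn-rate 30/15, overload <naughty> flush global)

# POP3/IMAP: keep the tight limit that catches login scripts. Plain
# "flush" kills only the states this rule created for the source, so a
# host that trips it keeps any SMTP sessions it already has open.
pass in on $ext_if proto tcp from any to any port $mail_imap \
    flags S/SA synproxy state \
    (max-src-conn-rate 9/15, overload <naughty> flush)
```

Load with `pfctl -f /etc/pf.conf` after checking it with `pfctl -nf /etc/pf.conf`; a client that was already caught can be released with `pfctl -t naughty -T delete <address>`, or the whole table aged out with `pfctl -t naughty -T expire <seconds>`.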