Wednesday, September 25, 2024

pf.conf(5): How to implement sendmail's connection/rate control features with pf?

Hello @misc,

I am currently searching for a way to implement sendmail's connection control
features using pf. In sendmail I am using:

dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl

dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl

How is this - or something similar - done using pf?

I read about max-pkt-rate, set delay, queueing, state modulation but still fail
to get the full picture.

Following is the pf.conf I am currently using, which I would like to extend to
get those features. Thanks.

# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo

block return # block stateless traffic
pass # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild

# rules for spamd(8)
table <spamd-white> persist
#table <nospamd> persist file "/etc/mail/nospamd"
pass in on egress inet proto tcp from any to any port smtp \
	divert-to 127.0.0.1 port spamd
#pass in on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp
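One way to express the two sendmail features in pf's own vocabulary is the per-source state options on the pass rule: `max-src-conn` covers the concurrent-connection half (conncontrol) and `max-src-conn-rate` the connections-per-window half (ratecontrol), with `overload ... flush global` standing in for "terminate". The fragment below is an added example, not part of the original post or of the OpenBSD sample pf.conf; the table name `<smtp-abusers>` and the limits (10 concurrent, 15 per 600 s to mirror the 15-per-10-minute window above) are assumptions to be tuned to local traffic.

```pf
# Added example (not from the original post): per-source SMTP connection
# control in pf.conf(5), mirroring the sendmail knobs in the question.
# Table name and limit values are assumptions.

# Sources that exceeded the limits land here; "persist" keeps the table
# across rule reloads.
table <smtp-abusers> persist

# Anything already in the table is refused outright (the "terminate" part).
# "quick" makes this rule win over the pass rules that follow.
block return in quick on egress proto tcp from <smtp-abusers> to any port smtp

# Normal SMTP path, same divert-to spamd as the original rule, now with
# state options:
#   max-src-conn 10            at most 10 concurrent connections per source
#                              (conncontrol)
#   max-src-conn-rate 15/600   at most 15 new connections per source per
#                              600 s, i.e. 15 per 10-minute window
#                              (ratecontrol)
#   overload <smtp-abusers> flush global
#                              on breach, add the source to the table and
#                              kill all of its existing states
pass in on egress inet proto tcp from any to any port smtp \
	divert-to 127.0.0.1 port spamd \
	keep state (max-src-conn 10, max-src-conn-rate 15/600, \
	    overload <smtp-abusers> flush global)

# Whitelisted hosts keep their unthrottled rule (last match wins)
pass in log on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, inspect the table with `pfctl -t smtp-abusers -T show`, and release entries after a day with `pfctl -t smtp-abusers -T expire 86400` from cron, since pf never ages them out on its own. Two caveats: pf counts TCP state creations per source address, so many legitimate clients behind one NAT address share a single counter and can trip the limit together; and once a source is in the table, the `quick` block above applies to it even if it is also in `<spamd-white>`, so expire or remove entries deliberately.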
