Here is what my direct.xml file looks like more direct.xml <?xml version="1.0" encoding="utf-8"?> <direct> <rule priority="0" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 22 -m state --state NEW -m recent --set</rule> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset </rule> <rule priority="0" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --set</rule> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset </rule> <rule priority="2" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 7 -j REJECT --reject-with tcp-reset </rule> <rule priority="3" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --update --seconds 200 --hitcount 15 -j REJECT --reject-with tcp-res et</rule> <rule priority="4" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --update --seconds 2000 --hitcount 35 -j REJECT --reject-with tcp-re set</rule> <rule priority="5" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 25 -m state --state NEW -m recent --update --seconds 20000 --hitcount 120 -j REJECT --reject-with tcp- reset</rule> </direct>
Remo > On Aug 22, 2019, at 16:36, Jeff Koch <jeffk...@intersessions.com> wrote: > > Hi Eric: > > This is the patch that we used with Bill's toaster and it was very effective > in limiting the damage from hijacked email accounts. > > http://spamthrottle.qmail.ca/ <http://spamthrottle.qmail.ca/> > > Let me know what you think > > Jeff > > On 8/22/2019 7:18 PM, Eric Broch wrote: >> What about this tcpserver limits patch >> >> https://qmail.jms1.net/ucspi-tcp/ <https://qmail.jms1.net/ucspi-tcp/> >> >> On 8/22/2019 9:32 AM, Jeff Koch wrote: >>> >>> Hi List >>> >>> Sometimes a user's email credentials get hijacked and before we know it >>> 100,000 spams go out. This doesn't happen very often but when it does it's >>> a mess. Our mailserver gets blocked by major ISP and it takes weeks to get >>> the blocks lifted. So I was thinking - is there any way to rate limit email >>> accounts? For example, limit users to sending no faster than one email >>> every few seconds. There used to be a patch for the old Bill's Qmail >>> Toaster called 'spam throttle' that could do this. >>> >>> Regards, Jeff >