Report for outgoing SMTP(25) packets
-
Hello,
We have some servers with public IPv4s behind a pfSense box.
We usually have issues with customers sending out a lot of spam. As a consequence, we frequently get RBL'ed.
I need pfSense to listen to all the outgoing packets through port 25, and send me a report whenever a single IP sends more than XXX packets per hour or per day.
How can I do that?
-
There isn't a way to report on that from pfSense.
If you set a rule to log port 25 connections and then sent that to a syslog server, you could have a monitoring package or script watch the log and count connections there. That only gets connections though, not a packet count.
For packet counts, you could maybe get that via netflow if you use softflowd on pfSense plus a netflow server such as nfsen elsewhere on your network, again with a script set to crunch the data for the packets you're after.
Rules on pfSense can limit how many connections they can make per second, and how many concurrent connections they can make, but those would only limit and block and not alert.
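
A sketch of the log-counting script suggested in the reply above, added here as an example and not part of the original thread. It assumes the firewall's pass rule for port 25 has logging enabled, that the syslog server stores lines in BSD syslog format, and that the `filterlog` payload uses the comma-separated IPv4/TCP layout indexed below; check the field positions against your pfSense version. The sample lines, addresses and threshold are constructed.

```python
import re
from collections import Counter

# "Aug  3 08:01:02 host filterlog[123]: <csv>" -> (month day hour, csv payload)
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s+\d{2}):\d{2}:\d{2}\s+\S+\s+filterlog(?:\[\d+\])?:\s+(.*)$")

# Assumed 0-based CSV positions for an IPv4 TCP entry.
ACTION, IPVER, PROTO, SRC, DPORT, FLAGS = 6, 8, 16, 18, 21, 23

def make_line(hh, mm, src, dport):
    """Build a constructed sample log line (not real traffic)."""
    return (f"Aug  3 {hh}:{mm}:02 fw filterlog: 90,,,1700000001,igb1,match,pass,"
            f"in,4,0x0,,64,0,0,DF,6,tcp,60,{src},203.0.113.9,51234,{dport},0,S,"
            "1234567890,,65535,,mss")

SAMPLE_LOG = (
    [make_line("08", m, "198.51.100.10", 25) for m in ("01", "02", "03", "04")]
    + [make_line("09", "15", "198.51.100.10", 25),
       make_line("08", "20", "198.51.100.20", 25),
       make_line("08", "30", "198.51.100.10", 443),   # not SMTP, ignored
       "Aug  3 08:31:00 fw sshd[99]: unrelated line"]  # not filterlog, ignored
)

def count_smtp_connections(lines):
    """Count passed outbound TCP/25 connections per (hour, source IP)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        hour = " ".join(m.group(1).split())  # normalise "Aug  3 08" spacing
        f = m.group(2).split(",")
        if len(f) <= FLAGS or f[IPVER] != "4" or f[PROTO] != "tcp":
            continue
        # One logged SYN per new connection; these are connections, not packets.
        if f[ACTION] == "pass" and f[DPORT] == "25" and f[FLAGS] == "S":
            counts[(hour, f[SRC])] += 1
    return counts

def over_threshold(counts, limit):
    """Return (hour, ip, count) for every source above the hourly limit."""
    return sorted((h, ip, n) for (h, ip), n in counts.items() if n > limit)

if __name__ == "__main__":
    for hour, ip, n in over_threshold(count_smtp_connections(SAMPLE_LOG), 3):
        print(f"ALERT {ip}: {n} SMTP connections during {hour}:00")
```

Run from cron against the syslog file, the `print` can be replaced with whatever sends the report (mail, ticket, chat webhook).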