Re: Stress-dependent server personality

From: Wietse Venema (wietseporcupine.org)
Date: Mon Sep 03 2007 - 09:03:52 CDT


Tony Earnshaw:
> Wietse Venema wrote, on 03-09-2007 02:48:
>
> [...]
>
> > The dynamic "-o stress=yes" setting is simple enough that it could
> > be implemented as an emergency patch for Postfix 2.3 and earlier.
>
> Sounds good. Especially on the ISC/SANS dshield list there is a bunch of
> people reporting repeated increased hammering from diverse IPs, leading
> to the MTA striking. They generally don't report what MTA they're using
> (to them that fact is immaterial, that's not their problem) and the only
> solution till now is a script to parse the logs and adapt the firewall.
> For them this might be a good reason for looking at Postfix.
>
> My Postfix 2.4.5 site only gets occasional bursts that soon stop.

Good. I'll keep it really simple then: kick in when Postfix logs
the "service smtp (25) has reached its process limit" warning, with
a little extra text for clarification:

    "service \"%s\" (%s) has reached its process limit \"%d\": "
    "new clients may experience noticeable delays"
    "to avoid this condition, increase the process count "
    "in master.cf or reduce the service time per client"
    "you may also make main.cf options dependent on the "
    "existence of a non-empty \"stress\" parameter value"

I'll run some tests after doing some "honey do" chores.

        Wietse
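
A log check for the process-limit warning quoted in the message above, as an added example that is not part of the original post or of Postfix. It assumes the warning reaches syslog with the usual `postfix/master[pid]: warning:` prefix; the sample log lines, host name, PIDs and the `threshold` parameter are constructed for illustration.

```python
import re
from collections import Counter

# Pattern built from the format strings quoted in the message:
#   service "%s" (%s) has reached its process limit "%d": ...
# Assumption: the master daemon logs it behind "postfix/master[pid]: warning: ".
LIMIT_RE = re.compile(
    r'postfix/master\[\d+\]: warning: service "(?P<name>[^"]+)" '
    r'\((?P<endpoint>[^)]+)\) has reached its process limit "(?P<limit>\d+)"'
)

# Constructed sample syslog lines (host, PIDs, times and addresses are made up).
SAMPLE_LOG = '''\
Sep  3 09:10:01 mx1 postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Sep  3 09:10:02 mx1 postfix/master[1543]: warning: service "smtp" (25) has reached its process limit "100": new clients may experience noticeable delays
Sep  3 09:10:02 mx1 postfix/master[1543]: warning: to avoid this condition, increase the process count in master.cf or reduce the service time per client
Sep  3 09:11:40 mx1 postfix/master[1543]: warning: service "smtp" (25) has reached its process limit "100": new clients may experience noticeable delays
Sep  3 09:12:05 mx1 postfix/smtpd[2150]: warning: service "smtp" mentioned outside a master warning
'''

def find_limit_events(lines):
    """Return one dict per process-limit warning logged by the master daemon."""
    events = []
    for line in lines:
        m = LIMIT_RE.search(line)
        if m:
            events.append({
                "timestamp": line[:15],  # classic syslog "Mmm dd hh:mm:ss"
                "service": m.group("name"),
                "endpoint": m.group("endpoint"),
                "limit": int(m.group("limit")),
            })
    return events

def services_under_stress(events, threshold=2):
    """Map (service, endpoint) to hit count for services at or above threshold."""
    counts = Counter((e["service"], e["endpoint"]) for e in events)
    return {svc: n for svc, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    evts = find_limit_events(SAMPLE_LOG.splitlines())
    for (name, endpoint), n in services_under_stress(evts).items():
        print(f"{name} ({endpoint}): process limit reached {n} times")
```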