|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Karsten Scheibler (pfuml
unusedino.de)
Date: Tue Oct 02 2007 - 02:45:09 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello,
> ...
>
> The problem
> ===========
>
> Last week some ratware was causing trouble by connecting to SMTP
> servers and keeping server ports occupied for a long time.
>
> Symptoms:
>
> - Postfix logs ``service "smtp" (25) has reached its process limit''.
>
> - SMTP clients have to wait a long time before the server responds.
>
> - The maillog shows lots of "lost connection after CONNECT" messages.
>
> - netstat shows lots of SMTP connections in FIN_WAIT1/2 state.
>
> While Postfix will drop connections when a client hammers the server,
> until now it had no specific response against connections from a
> large number of different clients.
>
> ...
Would it be a good idea to extend the smtpd_policy_service interface to
allow also changes of smtpd_timeout or other parameters ?
This way an external script could influence timeouts for new connections
on-thy-fly and could base its decision on further external information.
This allows also a different handling of different ip addresses.
karsten
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]