Re: limit outgoing smtp connections

From: richard lucassen (mailinglistslucassen.org)
Date: Wed May 13 2009 - 15:08:44 CDT


On Wed, 13 May 2009 21:53:25 +0200
Magnus Bäck <magnusdsek.lth.se> wrote:

> > IIRC there's a limit for limiting outgoing smtp connections. I just
> > can't find it. Anyone a hint?
>
> Limiting in what sense? The total number of concurrent SMTP clients,
> concurrency per destination, ...?

No, just limit the number of outgoing connections. In iptables
language:

iptables -I OUTPUT 1 -o eth0 -p tcp --syn --dport 25 -m connlimit --connlimit-above 1 -j REJECT

What happens is: people are sometimes sending 3000 mails with a size of
10MB over a 1Mbit line. This results in 50 simultaneous connections at
20kbit/sec. A lot of target servers find it lasts too long and drop the
connection. And the mails will stay in the queue forever.

If I limit this to two connections, it will last 2 days, but mail will
be delivered at the end. If some "normal" mail doesn't get delivered in
time, I can tell that mister X has filled up the queue.

And yes, I know, I have told them 300 times to use a special client
which delivers the mail to the ISP's smtp server. But my LART is
broken.

--
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+------------------------------------------------------------------+
| Richard Lucassen, Utrecht |
| Public key and email address: |
| http://www.lucassen.org/mail-pubkey.html |
+------------------------------------------------------------------+