Question about Anvil
Fazzina, Angelo
2016-08-02 17:50:23 UTC
Hello,
I am testing anvil by setting these variables:

1. smtpd_client_connection_rate_limit = 100 connections
2. smtpd_client_recipient_rate_limit = 100 recipients addresses
3. smtpd_client_message_rate_limit = 100 delivery requests
4. smtpd_client_new_tls_session_rate_limit = 100 connections
5. smtpd_client_event_limit_exceptions = 127.0.0.1


anvil is set to:

anvil_rate_time_unit = 60s
anvil_status_update_time = 600s


#5 is so I can test and not be exempt
I was able to test #1 and #2, and they worked perfectly.

When I got around to testing #3 I noticed the current values would never trigger that setting so I changed it to this.
smtpd_client_connection_rate_limit = 150
smtpd_client_message_rate_limit = 100
This allowed me to see in the Postfix log files that the messages are in fact getting blocked by the "message_rate_limit" and not something else.

My question is what would be a good explanation for having BOTH smtpd_client_message_rate_limit and smtpd_client_connection_rate_limit set at the same time?

As I see it, having either of them set provides the same result of blocking mail.
When would a person choose one or the other?
The man page clearly states what each option does, but it's not clear to me in what scenario you would pick to set one of them or both of them.

Thank you for your time.
-ALF



-Angelo Fazzina
Operating Systems Programmer / Analyst
University of Connecticut,  UITS, SSG-Linux/ M&C
860-486-9075
Viktor Dukhovni
2016-08-02 17:58:14 UTC
Post by Fazzina, Angelo
My question is what would be a good explanation for having BOTH smtpd_client_message_rate_limit and smtpd_client_connection_rate_limit set at the same time?
SMTP allows the transmission of more than one message per connection.

EHLO example.com
MAIL FROM:<***@example.com>
RCPT TO:<***@example.net>
DATA
<message1 headers and body>
.
RSET
MAIL FROM:<***@example.com>
RCPT TO:<***@example.org>
DATA
<message2 headers and body>
.
RSET
MAIL FROM:<***@example.com>
RCPT TO:<***@example.edu>
DATA
<message3 headers and body>
.
RSET
...
--
Viktor.
Noel Jones
2016-08-02 17:59:25 UTC
Post by Fazzina, Angelo
My question is what would be a good explanation for having BOTH smtpd_client_message_rate_limit and smtpd_client_connection_rate_limit set at the same time?
A client can send multiple deliveries per connection, such as
postfix does with connection caching.

A broken client may connect and not send any mail -- connect, hang
around a while, disconnect.



-- Noel Jones
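
Added example, not part of the thread and not Postfix code: a simplified Python model of per-client counters that replays the two client behaviours described in the replies above (many messages over one connection, and many connections that send no mail) against a connection limit only, a message limit only, and both. The class, function names, fixed-window counting and the client address 192.0.2.10 are assumptions made for illustration.

```python
from collections import defaultdict

# Simplified model of per-client rate counting. Assumption: fixed windows of
# time_unit seconds; this is an illustration, not Postfix's anvil code.
class RateModel:
    def __init__(self, conn_limit=0, msg_limit=0, time_unit=60):
        # As with the Postfix parameters, a limit of 0 means "no limit".
        self.conn_limit, self.msg_limit = conn_limit, msg_limit
        self.time_unit = time_unit
        self.counts = defaultdict(int)  # (client, event, window) -> count

    def _over(self, client, event, now, limit):
        key = (client, event, int(now // self.time_unit))
        self.counts[key] += 1
        return limit > 0 and self.counts[key] > limit

    def connect(self, client, now):
        """Return True if the connection is accepted."""
        return not self._over(client, "conn", now, self.conn_limit)

    def mail(self, client, now):
        """Return True if the delivery request (MAIL FROM) is accepted."""
        return not self._over(client, "msg", now, self.msg_limit)

def one_connection_many_messages(model, client, n):
    """Constructed traffic: one connection, n messages separated by RSET."""
    accepted = 0
    if model.connect(client, now=0):
        accepted = sum(model.mail(client, now=1) for _ in range(n))
    return {"connections": 1, "messages": accepted}

def many_connections_no_mail(model, client, n):
    """Constructed traffic: n connections that never issue MAIL FROM."""
    accepted = sum(model.connect(client, now=i * 0.1) for i in range(n))
    return {"connections": accepted, "messages": 0}

def compare(n=500):
    """Run both traffic patterns against each configuration."""
    configs = {"conn_only": dict(conn_limit=100),
               "msg_only": dict(msg_limit=100),
               "both": dict(conn_limit=100, msg_limit=100)}
    client = "192.0.2.10"  # constructed documentation address
    return {name: (one_connection_many_messages(RateModel(**cfg), client, n),
                   many_connections_no_mail(RateModel(**cfg), client, n))
            for name, cfg in configs.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With only the connection limit set, all 500 messages on the single connection are accepted; with only the message limit set, all 500 idle connections are accepted; with both set, each pattern is capped at 100 per time unit.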
Fazzina, Angelo
2016-08-02 18:10:34 UTC
Thank you Viktor,
Your example with the "RSET" command made me realize what I was seeing in my Postfix logs from my tests.

Example : Aug 2 11:59:22 mta4 postfix/smtpd[31444]: lost connection after RSET from z.z.z.z


Thank you Jeroen,
That's the answer I was looking for, an example where leaving one setting "off" can allow spammers to spam.
I think in my testing I tested multiple ways of sending without even knowing it.
1. sending many emails over one SMTP connection
2. sending many emails over multiple SMTP connections


Thank you to everyone that took the time to respond. I think I'm all set now.
-ALF

-Angelo Fazzina
Operating Systems Programmer / Analyst
University of Connecticut,  UITS, SSG-Linux/ M&C
860-486-9075

