Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 13 Dec 1998 18:43:50 +1100 (EST)
From:      Rowan Crowe <rowan@sensation.net.au>
To:        Dean Hollister <dean@odyssey.apana.org.au>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: sendmail morons
Message-ID:  <Pine.BSF.4.01.9812131835450.4706-100000@velvet.sensation.net.au>
In-Reply-To: <Pine.BSF.4.05.9812131529240.4741-100000@odyssey.apana.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, 13 Dec 1998, Dean Hollister wrote:

> > If it's a machine performance issue then you could try limiting the number
              ^^^^^^^^^^^^^^^^^^^^^^^^^
> > of children:
> > 
> > # maximum number of children we allow at one time
> > O MaxDaemonChildren=30
> > 
> > If it's for a major mail server then I would _not_ recommend this, as once
> > the limit is reached all connections to port 25 will be refused. I had a
> > play with this the other day when someone decided to forward 150Mb+ of
> > their email from work to their home account, and it was severely loading
> > the system.
> 
> I would *not* recommend this. It would be better to configure the child
> process to exit if the IP is in its db. I vaguely recall something at
> www.sendmail.org about it.

Note that I specified "machine performance issue". I'd rather have my
server have an absolute known limit where it no longer accepts new
connections rather than a steady decline as more and more sendmail
processes appear with each new connection. Seeing a machine run out of
swap space is not fun. ;\

This absolute limit could also be of use in something like a SYN flood
attack. (Note that limiting to 30 is probably _way_ too low, that's just
something I've started with. Still experimenting).

Also, adding in IPs requires periodic review of the database by a human.

Cheers.


--
Rowan Crowe                     Sensation Internet Services, Melbourne Aust
fidonet: 3:635/728                                          +61-3-9388-9260
http://www.rowan.sensation.net.au/             http://www.sensation.net.au/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.01.9812131835450.4706-100000>