From owner-freebsd-isp Sun Dec 13 00:22:20 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA00632 for freebsd-isp-outgoing; Sun, 13 Dec 1998 00:22:20 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from odyssey.apana.org.au (odyssey.apana.org.au [203.11.114.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA00627 for ; Sun, 13 Dec 1998 00:22:16 -0800 (PST) (envelope-from dean@odyssey.apana.org.au) Received: from odyssey.apana.org.au (odyssey.apana.org.au [203.11.114.1]) by odyssey.apana.org.au (8.8.8/8.8.8) with ESMTP id QAA16877; Sun, 13 Dec 1998 16:21:56 +0800 (WST) (envelope-from dean@odyssey.apana.org.au) Date: Sun, 13 Dec 1998 16:21:55 +0800 (WST) From: Dean Hollister To: Rowan Crowe cc: freebsd-isp@FreeBSD.ORG Subject: Re: sendmail morons In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 13 Dec 1998, Rowan Crowe wrote: > Note that I specified "machine performance issue". I'd rather have my > server have an absolute known limit where it no longer accepts new > connections rather than a steady decline as more and more sendmail > processes appear with each new connection. Seeing a machine run out of > swap space is not fun. ;\ If you're worried about performance, then limit the number of connections right down to 10-20. > This absolute limit could also be of use in something like a SYN flood > attack. (Note that limiting to 30 is probably _way_ too low, that's just > something I've started with. Still experimenting). I disagree with your suggestion that 30 is too low. If anything, 30 is too high. > Also, adding in IPs requires periodic review of the database by a human. You can block by class-c, btw, not just single ips. Regards, d. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message