Re: [EXIM] Restricting connections from a single IP address

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: Philip Hazel
CC: Jim Knoble, exim-users
Subject: Re: [EXIM] Restricting connections from a single IP address

ph10@??? said:
} I would guess that most people set smtp_accept_max to less than 100.
} Searching a linear list of 100 is pretty fast. However, if it proves
} unacceptable, some kind of hash is probably the best alternative,
} since it could be done in a fixed amount of store.

originally I was thinking in terms of IP address - ie nice 32 bit
quantities that most systems can compare very quickly, so that a for()
loop whipping through them all and checking would be fast and space
efficient on everything.... up to (say) several hundred (my break would be
a 1000) sessions.

Unfortunately :-) I had to implement my code in a slightly different way -
to make this portable and to cater for IPv6 (and whatever else is added
later - IPv8, SMBS) the addresses are kept as text strings and there is an
array of pointers to these. You then have to do a linear search and
compare of this string table - much less good.

I'm willing to have a deep think about good ways of doing this as a hash
space although I'd appreciate it if someone would suggest some good
references to probably suitable hashes. You are also going to still need
the current table so that the count per IP can be decremented when the
receive process is cleaned up.

    Nigel.


-- 
[ Nigel.Metheringham@???   -  Systems Software Engineer ]
[ Tel : +44 113 207 6112                   Fax : +44 113 234 6065 ]
[      Real life is but a pale imitation of a Dilbert strip       ]




--
*** Exim information can be found at http://www.exim.org/ ***