[EXIM] Restricting connections from a single IP address

Author: Nigel Metheringham
Date:  
To: Philip Hazel
CC: Exim Users List
Subject: [EXIM] Restricting connections from a single IP address
Philip,

I did not send you the slightly modified code for restricting connections
from a single network address. The modifications from the copy I put on
the list are minor cleanups and a change of name for the option to
smtp_accept_max_per_host

[people hacking exim who change option names should be aware that they
have to be in the config tables in strict alphabetical order - anything
else and things behave strangely :-( ]

We have been running with this code on our main mail machines for a week
now - it works very nicely thank you! The patch is relative to exim 2.04
but applies cleanly to 2.05.

    Nigel.


[info copied from last week's post]
I add one config variable:-
    smtp_accept_max_per_host


which is an integer and defaults to zero (i.e. inactive - same as current
normal practice).

If set and positive, you may have a maximum of smtp_accept_host_max from
any one network address active at a time. The daemon checks this limit
before forking the accept process (this will result in slightly slower
accepting of connections should this feature be used, but protects you
against someone hitting you hard to attempt to overload the machine with
forked processes).

The code is written with a mind to working with both IPv4 and IPv6
although I can only test with IPv4. It will also work with any other
networking technologies in the future for which the sender_host_address is
valid. As with other exim limits it will only work if exim is run as a
daemon.

Cost of this code (if active):-
    - 1 sender_host_address string stored in memory for
        each active incoming SMTP connection
    - linear search of active connection table for each new
        SMTP connection.  This is short circuited as much as
        I can so often it will terminate early, but in many
        cases you are going to do a string compare for each
        currently active connection.


[ Nigel.Metheringham@??? - Systems Software Engineer ]
[ Tel : +44 113 207 6112                   Fax : +44 113 234 6065 ]
[      Real life is but a pale imitation of a Dilbert strip       ]
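The per-host limit described in the post, as an added illustration that is not Nigel's patch or Exim's own code: a fixed-size table of active sender host addresses, a linear search that stops early once the limit is reached, and the check the daemon would run before forking the accept process. Table size, slot layout and function names are assumptions for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ACTIVE 64   /* assumed size of the active connection table */
#define ADDR_LEN   46   /* room for a textual IPv6 address plus NUL */

/* One slot per active incoming SMTP connection, holding its host address. */
typedef struct {
    int  in_use;
    char host[ADDR_LEN];
} conn_slot;

static conn_slot table[MAX_ACTIVE];

/* Linear search counting active connections from `host`. When `limit` is
 * positive the scan stops as soon as the count reaches it, which is the
 * short-circuit the post mentions; the worst case is still one string
 * compare per active connection. */
int count_from_host(const char *host, int limit) {
    int n = 0;
    for (int i = 0; i < MAX_ACTIVE; i++) {
        if (table[i].in_use && strcmp(table[i].host, host) == 0) {
            n++;
            if (limit > 0 && n >= limit) break;
        }
    }
    return n;
}

/* Daemon-side check run before forking: 1 = accept, 0 = cap reached.
 * A limit of zero (the default) disables the check entirely. */
int may_accept(const char *host, int max_per_host) {
    if (max_per_host <= 0) return 1;
    return count_from_host(host, max_per_host) < max_per_host;
}

/* Record an accepted connection; returns the slot index, or -1 if full. */
int conn_add(const char *host) {
    for (int i = 0; i < MAX_ACTIVE; i++) {
        if (!table[i].in_use) {
            table[i].in_use = 1;
            strncpy(table[i].host, host, ADDR_LEN - 1);
            table[i].host[ADDR_LEN - 1] = '\0';
            return i;
        }
    }
    return -1;
}

/* Release the slot when the child handling that connection has exited. */
void conn_remove(int slot) {
    if (slot >= 0 && slot < MAX_ACTIVE) table[slot].in_use = 0;
}
```

The addresses are compared as strings, so the same table serves IPv4 and IPv6 (or anything else with a textual sender_host_address) without change.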