Re: [Exim] Re: Bagle, unqualified HELO, time delays

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Chris Edwards
Date:  
À: Jethro R Binks
CC: Exim users list
Sujet: Re: [Exim] Re: Bagle, unqualified HELO, time delays
| Can I just ask what the list considers to be a sensible value, for a site
| MTA handling of the order of ~100,000 connections per day for ~20,000
| addresses?


Our MXs have smtp_accept_max_per_host = 5

This is set deliberately low to stop abusers DoSing our SMTP-time
scanning. It really helps make life hard for the bad guys, without
impacting on friendly MTAs.

Since we've set this limit, the occurances of the global max being
exceeded are much rarer. The per_host limit makes it harder for one
abuser to hog the whole show.

Note that when I say its only bad buys that get throttled, I include
certain abusive list managers. There are some subscribed-for lists that
try to send the same item to hundreds of students, not only as separate
messages, but as separate connections, which they attempt almost
simultaneously. This is DoS, and those who inflict it need to be
throttled - for the benefit of all the other mail activity happening at
the time.

Cheers


--
Chris Edwards, Glasgow University Computing Service