Re: [exim] exim allowed someone to slam my mail server for 3…

Top Page
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: peter
CC: exim-users
New-Topics: [exim] High Perf server - was (exim allowed someone to slam my mail server for 3 hours)
Subject: Re: [exim] exim allowed someone to slam my mail server for 3 hours
On Tue, 28 Jun 2005, Peter Bowyer wrote:
>
> If I were only dealing with a single server I can see how I could use
> the new ratelimit features, but my situation requires monitoring of
> client behaviour and application of controls across a group of
> geographically-separate servers. We've observed that dictionary spams
> are agile across all the MXs for a domain, presumably in an attempt to
> avoid tripping ratelimit-style controls, so we need to aggregate
> behaviour from a single client across all the MXs.


Exim doesn't support tightly-coupled clusters. This is a weakness in the
implementation of the hints DBs, and fixing it was outside the scope of
the ratelimit project. There are other things that would benefit from
better hints DBs: the current implementation is a major bottleneck for
high capacity servers, so there's scope for improved performance; sharing
the hints DBs will reduce duplicated work across a cluster (retrys,
callouts, etc.); greylisting would be much better if implemented
cluster-wide rathe than per-machine. Perhaps one day someone will tackle
it :-)

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}