Always Learning wrote:
> Jawad Khawaja from Lahore wrote on Thu, 1 Apr 2010 16:48:57 +0500.
>
>
>> You can do SMTP session limiting as well using IPTABLES.... Add the command below to your IPTABLES /etc/sysconfig/iptables
>>
>> -A INPUT -i eth0 -p tcp -m tcp --dport 25 --syn -m limit --limit 20/min -j ACCEPT
>> -A INPUT -i eth0 -p tcp -m tcp --dport 25 --syn -j DROP
>>
>> This will limit users to 20 sessions per min...
>
> Much appreciated advice. Very useful for stopping people rapidly
> downloading all the 5,000+ pages on my web site (--dport 80).
>
> Thank you.
>
> Paul
> England.
>
Both points moving a bit OT for Exim [1], which has its own hard and dynamic
limiting tools, but a throttled - preset or dynamic - httpd seems more
appropriate to the web site limiting task.
There are several such critters available in the F/OSS arsenal, and it is
trivial to run more than one on the same box - .pdf publications and similar
largish files intended for frequent download often deserve a separate httpd
from the lighter-weight informative pages.
Bill Hacker
[1] Back to Exim: There is usually something in a configuration that is
fundamentally sub-optimal when you see 'too many' in the first place.
Even Zombots are programmed to not waste time, so can be shed by Exim 'Real Soon
Now', freeing the connection in sub two seconds.
EX: For a server on the same IP for 8+ years, and same domain.tld and primary
addressees for ~15+ years, the most recent 13 months-minus-a-week of logs show:
Total 'TCP/IP connection count' = 264134
of which:
'... count = 1' = 230611 87.3 %
'... count = 2' = 29648 11.2 %
'... count = 3' = 3259 1.2 %
'... count = 4' = 472 sub .2 %
Five or more as a group (144 TL) - less than one-tenth of a percent:
'... count = 5' = 84
'... count = 6' = 28
'... count = 7' = 19
'... count = 8' = 10
'... count = 9' = 3
'... count = 10'= 0
greater than 10 = 0
Yes, others may have servers that surpass a quarter million in one DAY or
'pools' that exceed that in under an hour - but the relative distribution should
scale in a similar manner IF you are:
A) kicking Zombots off the teat 'at once': (deny !verify = reverse_host_lookup).
B) Smacking the remaining dead-man-walking Qmail installations and imitators for
the RFC-rude habit of multiple parallel smtp connections to deliver the
identical message. See 'smtp_accept_max' and family.
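A way to reproduce Bill's 'TCP/IP connection count' distribution from an Exim mainlog, added here as an example (not Bill's own tooling). It assumes the line format Exim writes with the +smtp_connection log selector enabled; the log excerpt is constructed.

```python
import re
from collections import Counter, defaultdict

# Exim's mainlog records each inbound connection like this when the
# +smtp_connection log selector is on; the host-name part is optional.
CONN_RE = re.compile(
    r"SMTP connection from (?:\S+ )?\[(?P<ip>[^\]]+)\]"
    r".*\(TCP/IP connection count = (?P<count>\d+)\)"
)

# Constructed sample mainlog excerpt (not real traffic).
SAMPLE_LOG = """\
2010-04-01 10:00:01 SMTP connection from mx1.example.net [192.0.2.10] (TCP/IP connection count = 1)
2010-04-01 10:00:01 SMTP connection from mx1.example.net [192.0.2.10] (TCP/IP connection count = 2)
2010-04-01 10:00:02 SMTP connection from [203.0.113.5] (TCP/IP connection count = 1)
2010-04-01 10:00:03 Start queue run: pid=4242
2010-04-01 10:00:04 SMTP connection from bulk.example.org [198.51.100.7] (TCP/IP connection count = 1)
2010-04-01 10:00:04 SMTP connection from bulk.example.org [198.51.100.7] (TCP/IP connection count = 2)
2010-04-01 10:00:04 SMTP connection from bulk.example.org [198.51.100.7] (TCP/IP connection count = 3)
2010-04-01 10:00:04 SMTP connection from bulk.example.org [198.51.100.7] (TCP/IP connection count = 5)
2010-04-01 10:00:06 SMTP connection from [192.0.2.20] (TCP/IP connection count = 1)
2010-04-01 10:00:07 SMTP connection from [192.0.2.30] (TCP/IP connection count = 1)
2010-04-01 10:00:08 SMTP connection from [203.0.113.9] (TCP/IP connection count = 1)
"""

def parse_connections(log_text):
    """Return (ip, count) pairs for every connection line; other lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            records.append((m.group("ip"), int(m.group("count"))))
    return records

def count_distribution(records):
    """Histogram of the server-wide connection count at accept time, as
    {count: (connections, percent_of_total)}, like the table in the post."""
    hist = Counter(count for _, count in records)
    total = sum(hist.values())
    return {c: (n, round(100.0 * n / total, 1)) for c, n in sorted(hist.items())}

def parallel_hosts(records, threshold=3):
    """Peers whose connections were accepted while the server already held
    >= threshold connections: where to look first when tuning
    smtp_accept_max_per_host and friends."""
    peak = defaultdict(int)
    for ip, count in records:
        peak[ip] = max(peak[ip], count)
    return {ip: c for ip, c in peak.items() if c >= threshold}

if __name__ == "__main__":
    recs = parse_connections(SAMPLE_LOG)
    for count, (n, pct) in count_distribution(recs).items():
        print(f"count = {count:2d}: {n:6d} {pct:5.1f} %")
    print("hosts seen at high counts:", parallel_hosts(recs))
```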