Philip Prindeville wrote:
First, I want to add some sort of throttling to MdF so that if the filter rejects a connection during the HELO or RCPT TO or MAIL FROM stages, it will (for the duration of a throttling period) reject incoming connections during the CONNECT stage,
Sounds like a more radical version of what I'm doing in the filter at http://whatever.frukt.org/mimedefangfilter.text.shtml. I'm storing a time-stamped record in a database for each rejected HELO, unknown user, bad MX and new greylist triplet. For each connection I count the number of such records for that host that are newer than a certain time (currently 3 minutes, the same as the black period in our greylist). If that count is higher than my limit (currently 10), the connection is tempfailed in filter_relay. You could probably modify my code to do things your way instead (or just lower the limit to 1 and raise the time window to 1 hour).
One other thing I wasn't sure about doing was adding "simultaneity" locking as well. That is, blacklisting additional connections from the same site for the duration of a connection. Most legitimate MTAs will open a single connection per site, and then spool multiple messages over a single connection.
Two thoughts: 1: Doesn't sendmail have a setting for this already? I seem to recall that sendmail can limit both the number of concurrent connections from one host and the number of new connections in a specified time interval. But maybe I'm just confused. 2: I would not limit it to one connection. If mail has been queueing up on a server for some reason, it might well start a few parallel connections if the interval between queue runs is lower than the time it takes to send the queued mail.
a database... and I was wondering what sort of Perl tied hash would work well that handles locking and concurrency transparently.
Anyone prefer one Perl module over another?
I decided to move away from the tied hash stuff for my filter's databases. Instead I now use SQLite. It's a server-less SQL database driver for DBI. It can be fast, it's more flexible than tied hashes, it handles locking and concurrency, and it also makes it possible to move to a real SQL server without too many modifications. Please note that I'm not very good at SQL or SQLite, so it's quite possible that my filter is using them suboptimally.

Regards
/Jonas

-- 
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
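The counting scheme Jonas describes (one time-stamped record per rejection, count the records for the connecting host that fall inside a window, tempfail in filter_relay above a limit) and the move from tied hashes to SQLite both come together in the following added example. It is not Jonas's filter and not MIMEDefang code; it is a stand-alone Python model using the standard sqlite3 module, with the 3-minute window and limit of 10 from the post as defaults and the relay decision returned as a ("TEMPFAIL"|"CONTINUE", message) pair in the shape a filter_relay hook would hand back. The table name, column names, the in-memory database path and the sample IP addresses are all constructed for the example.

```python
import sqlite3
import time

# Placeholder: a real filter would point this at a file shared by all
# filter processes. ":memory:" keeps the example self-contained.
DB_PATH = ":memory:"

WINDOW_SECONDS = 180   # "3 minutes" in the post
LIMIT = 10             # "currently 10" in the post


def open_db(path=DB_PATH):
    """Open the rejection database and create the table if it is missing.

    The timeout makes a writer wait for another process's write lock
    instead of failing at once; SQLite serialises writers for us.
    """
    db = sqlite3.connect(path, timeout=5)
    db.execute(
        "CREATE TABLE IF NOT EXISTS rejections ("
        "  host TEXT    NOT NULL,"   # connecting host (IP as text)
        "  kind TEXT    NOT NULL,"   # helo, user, mx or greylist
        "  ts   INTEGER NOT NULL)"   # unix time of the rejection
    )
    db.execute("CREATE INDEX IF NOT EXISTS rej_host_ts ON rejections(host, ts)")
    db.commit()
    return db


def record_rejection(db, host, kind, now=None):
    """Store one time-stamped record for a rejected HELO, user, MX or triplet."""
    now = int(time.time()) if now is None else now
    db.execute(
        "INSERT INTO rejections (host, kind, ts) VALUES (?, ?, ?)",
        (host, kind, now),
    )
    db.commit()


def recent_rejections(db, host, now=None, window=WINDOW_SECONDS):
    """Count this host's records that are newer than the window."""
    now = int(time.time()) if now is None else now
    row = db.execute(
        "SELECT COUNT(*) FROM rejections WHERE host = ? AND ts > ?",
        (host, now - window),
    ).fetchone()
    return row[0]


def relay_decision(db, host, now=None, window=WINDOW_SECONDS, limit=LIMIT):
    """What filter_relay would return: tempfail above the limit, else continue.

    Passing window=3600, limit=1 gives the variant Jonas suggests for
    Philip's use (1-hour window, limit lowered to 1).
    """
    count = recent_rejections(db, host, now, window)
    if count > limit:
        return ("TEMPFAIL", f"too many recent rejections ({count}) from {host}")
    return ("CONTINUE", "ok")


def expire(db, now=None, window=WINDOW_SECONDS):
    """Delete records that have aged out of the window; returns rows removed."""
    now = int(time.time()) if now is None else now
    cur = db.execute("DELETE FROM rejections WHERE ts <= ?", (now - window,))
    db.commit()
    return cur.rowcount


if __name__ == "__main__":
    # Constructed walk-through: eleven rejections in the last minute tip the host over.
    db = open_db()
    t0 = int(time.time())
    for i in range(11):
        record_rejection(db, "192.0.2.10", "helo", t0 - i)
    print(relay_decision(db, "192.0.2.10", t0))
```

Because the count is recomputed per connection from stored records, every filter process sees the same view without any locking code of its own; the only process-level concern is the write lock, which the connect timeout handles. The expire step exists so the table stays bounded, since the decision only ever looks at records inside the window.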

