On Tue, 26 Oct 1999, Anand Buddhdev wrote:
I recently had a case where one neighbour host, also running qmail,
suddenly opened over 100 connections to my machine, and used up all the
slots, with the result that my customers could not send mail. While I
know there are various different solutions to this problem (like a
different IP for internal customers, asking this neighbour to use
serialmail for backlogged mail), I still wanted to setup session limits,
so I did this: [...]
You have excised one of tcpserver's best features - that it smoothly
queues incoming connections when the process limit is reached.
A very good suggestion, I think is was from DJB, is to use two IP
numbers for hosts that do SMTP with end-user clients. Point your MX
record at one address, and your A record at the other. Run a
separate copy of tcpserver for each. The DNS looks like this:
mail in a 192.168.1.1
in mx 100 mail-mx
mail-mx in a 192.168.1.2
MTAs such as your neighbor's qmail will exclusively use the MX
entry. End-user clients such as Eudora, Outlook will exclusively
use the A entry. Since there are two instances of tcpserver
listening to those addresses, the two do not compete for process
slots.
Regards,
--
Jeff Hayward [EMAIL PROTECTED]
UT System/OTS +1 512 471 2432 (v)
UT Austin/ACITS +1 512 471 2449 (f)
