At 6:36 PM -0500 2/28/13, John R Levine wrote:
It'd be interesting.
Here's the answer I got:
At 3:05 PM -0500 3/1/13, David Ross wrote:
It would depend on how many connections you have allocated to
regular SMTP and how many to authenticated SMTP.
One EIMS server I have in a small business has both set to 20.
Server has been up since Feb 23 and the max connections to date are
7 regular and 4 authenticated at any one time. And with a limit of
20 on the regular SMTP connections I've never seen it hit 20 for at
least 5 or more years.
I suspect this is not as much of an issue now that computers can
more easily handle a lot of connections and spammers are likely
better at not flooding any one server with connections. I suspect
the later also depends on the number of domains hosted.
Most of the heavy attacks I see these days come in waves where they
fire off from 100 or so IPs in a /24 each with a different domain
as the sending entity. Spread over a few hours with under 5
connection attempts per IP.
The office I mentioned with 2 domains and 20 people sees one or two
of these a day.
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
...All repairs tend to destroy the structure [of the software], to
increase the entropy and disorder of the system. Less and less
effort is spent on fixing original design flaws; more and more is
spent on fixing flaws introduced by earlier fixes. As time passes,
the system becomes less and less well-ordered. Sooner or later the
fixing ceases to gain any ground. Each forward step is matched by a
backward one. Although in principle usable forever, the system has
worn out as a base for progress. [...] Systems program building is
an entropy-decreasing process, hence inherently metastable. Program
maintenance is an entropy-increasing process, and even its most
skillful execution only delays the subsidence of the system into
--Fred Brooks in _The Mythical Man Month_
ietf-smtp mailing list