At 11:22 AM -0500 3/3/13, John R Levine wrote:
That matches my experience. Whatever problem might once have been
addressed by limiting the number of connections per source, it
doesn't exist any more.
I misstated the EIMS restrictions in my original message. When I
checked the documentation, it turns out that EIMS does not enforce
restrictions on number of connections from the same source. Instead,
EIMS has a three-level budget: total number of incoming connections;
number reserved for hosts in the OK state (having passed
graylisting); and number reserved for whitelisted hosts. I apologize
for mischaracterizing the restrictions (I blame faulty recollection
and being too lazy to check before writing).
My server hits its overall limit of 60 all the time when it's
getting a lot of spam, but it's never more than a handful of those
60 from a single IP.
When its getting a lot of spam, does it crowd out legitimate email?
That's the intent of the EIMS restrictions -- to ensure that some
connections remain available for hosts that have a higher liklihood
of being legitimate.
Here's the answer I got:
At 3:05 PM -0500 3/1/13, David Ross wrote:
It would depend on how many connections you have allocated to
regular SMTP and how many to authenticated SMTP.
One EIMS server I have in a small business has both set to 20.
Server has been up since Feb 23 and the max connections to date
are 7 regular and 4 authenticated at any one time. And with a
limit of 20 on the regular SMTP connections I've never seen it
hit 20 for at least 5 or more years.
I suspect this is not as much of an issue now that computers can
more easily handle a lot of connections and spammers are likely
better at not flooding any one server with connections. I suspect
the later also depends on the number of domains hosted.
Most of the heavy attacks I see these days come in waves where
they fire off from 100 or so IPs in a /24 each with a different
domain as the sending entity. Spread over a few hours with under
5 connection attempts per IP.
The office I mentioned with 2 domains and 20 people sees one or
two of these a day.
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
Content-Disposition: attachment; filename="smime.p7s"
Attachment converted: TiLand:smime 199.p7s ( / ) (00865A81)
--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
Who tells the stories of a culture really governs human behavior. It
used to be the parent, the school, the church, the community. Now it's
a handful of global conglomerates that have nothing to tell, but a
great deal to sell.
--George Gerbner, dean of Annenberg School of Communication
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp