[Top] [All Lists]

Re: [ietf-smtp] You can't hurt a computer's feelings

2013-03-03 18:44:52
At 11:22 AM -0500 3/3/13, John R Levine wrote:

That matches my experience. Whatever problem might once have been addressed by limiting the number of connections per source, it doesn't exist any more.

I misstated the EIMS restrictions in my original message. When I checked the documentation, it turns out that EIMS does not enforce restrictions on number of connections from the same source. Instead, EIMS has a three-level budget: total number of incoming connections; number reserved for hosts in the OK state (having passed graylisting); and number reserved for whitelisted hosts. I apologize for mischaracterizing the restrictions (I blame faulty recollection and being too lazy to check before writing).

My server hits its overall limit of 60 all the time when it's getting a lot of spam, but it's never more than a handful of those 60 from a single IP.

When its getting a lot of spam, does it crowd out legitimate email? That's the intent of the EIMS restrictions -- to ensure that some connections remain available for hosts that have a higher liklihood of being legitimate.

 Here's the answer I got:

 At 3:05 PM -0500 3/1/13, David Ross wrote:
It would depend on how many connections you have allocated to regular SMTP and how many to authenticated SMTP.

One EIMS server I have in a small business has both set to 20. Server has been up since Feb 23 and the max connections to date are 7 regular and 4 authenticated at any one time. And with a limit of 20 on the regular SMTP connections I've never seen it hit 20 for at least 5 or more years.

I suspect this is not as much of an issue now that computers can more easily handle a lot of connections and spammers are likely better at not flooding any one server with connections. I suspect the later also depends on the number of domains hosted.

Most of the heavy attacks I see these days come in waves where they fire off from 100 or so IPs in a /24 each with a different domain as the sending entity. Spread over a few hours with under 5 connection attempts per IP.

The office I mentioned with 2 domains and 20 people sees one or two of these a day.

 Content-Type: application/pkcs7-signature; name="smime.p7s"
 Content-Description: S/MIME Cryptographic Signature
 Content-Disposition: attachment; filename="smime.p7s"

 Attachment converted: TiLand:smime 199.p7s (    /    ) (00865A81)

Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
Who tells the stories of a culture really governs human behavior.  It
used to be the parent, the school, the church, the community.  Now it's
a handful of global conglomerates that have nothing to tell, but a
great deal to sell.
   --George Gerbner, dean of Annenberg School of Communication
ietf-smtp mailing list