On 3/3/2013 9:25 PM, Randall Gellens wrote:
Right, as I said in my correction, the EIMS limits are not per-IP but
rather three levels of connection budget: maximum total inbound SMTP
connections; connections from hosts in the OK state (passed
graylisting); connections from whitelisted hosts. So, for example, if
you have these set to, say, 20/4/2, then of the 20 total allowed
inbound connections, four are always available for OK hosts, two
connections remain always available for whitelisted hosts, and up to
16 can be consumed by hosts that you haven't classified.
Do you have Connection Sharing (CS) considerations for the white listed
I saw how these were consuming connections and CPU time thus increasing
the potential to reach the connection limits. The client using CS
would hold the connection after the first transaction for an extended
period which technically has 5 minutes to steal from the server,
increasing the session time mostly wasted in holding and not performing
any additional transactions. This causes the attack waves to reach the
load limit threshold and increased logging of force drops was observed.
The solution was to drop the normal 5 minutes idle time to about 30
seconds (might even be smaller) after the first transaction was completed.
ietf-smtp mailing list