Re: [ietf-smtp] You can't hurt a computer's feelings

2013-03-03 21:38:39
On 3/3/2013 9:25 PM, Randall Gellens wrote:

Right, as I said in my correction, the EIMS limits are not per-IP but rather three levels of connection budget: maximum total inbound SMTP connections; connections from hosts in the OK state (passed graylisting); connections from whitelisted hosts. So, for example, if you have these set to, say, 20/4/2, then of the 20 total allowed inbound connections, four are always available for OK hosts, two connections remain always available for whitelisted hosts, and up to 16 can be consumed by hosts that you haven't classified.

Do you have Connection Sharing (CS) considerations for the whitelisted channels?

I saw how these were consuming connections and CPU time, thus increasing the potential to reach the connection limits. The client using CS would hold the connection after the first transaction for an extended period, which technically gives it 5 minutes to steal from the server, increasing the session time, mostly wasted in holding and not performing any additional transactions. This caused the attack waves to reach the load-limit threshold, and increased logging of forced drops was observed. The solution was to drop the normal 5-minute idle time to about 30 seconds (it might even be smaller) after the first transaction was completed.
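The two mechanisms discussed above, the nested 20/4/2 connection budget and the tightened idle timeout after the first transaction, as an added illustrative model. This is not EIMS code and not code from anyone on the thread; the class names, the 300 s / 30 s idle values and the manual clock are assumptions for illustration only.

```python
"""
Added example, not EIMS code: a model of a three-level inbound SMTP
connection budget (total / OK / whitelisted) plus the per-connection
idle-timeout tightening after the first transaction.  Names, timeouts
and the clock are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class HostClass(Enum):
    UNKNOWN = "unknown"          # not yet classified (still being graylisted)
    OK = "ok"                    # passed graylisting
    WHITELISTED = "whitelisted"


@dataclass
class Connection:
    host_class: HostClass
    last_activity: float         # seconds on an assumed monotonic clock
    transactions_done: int = 0   # completed MAIL/RCPT/DATA transactions


@dataclass
class ConnectionBudget:
    """Budget of the shape '20/4/2' used in the thread.

    The reserves are nested: unclassified hosts may never push the free
    slot count below ok_reserve, and OK hosts may never push it below
    wl_reserve.  With 20/4/2 that gives unclassified hosts at most 16,
    OK hosts at most 18, and whitelisted hosts all 20.
    """
    total: int
    ok_reserve: int
    wl_reserve: int
    # Assumed idle limits: the normal one before the first transaction and
    # the tightened one after it (the thread suggests roughly 5 min -> 30 s).
    idle_before_first: float = 300.0
    idle_after_first: float = 30.0
    active: List[Connection] = field(default_factory=list)

    def free_slots(self) -> int:
        return self.total - len(self.active)

    def can_accept(self, host_class: HostClass) -> bool:
        free = self.free_slots()
        if host_class is HostClass.WHITELISTED:
            return free >= 1                 # may use any remaining slot
        if host_class is HostClass.OK:
            return free > self.wl_reserve    # keep wl_reserve for whitelisted
        return free > self.ok_reserve        # keep ok_reserve (which contains wl_reserve)

    def accept(self, host_class: HostClass, now: float) -> Optional[Connection]:
        """Admit a connection if the budget allows it, else return None."""
        if not self.can_accept(host_class):
            return None
        conn = Connection(host_class, last_activity=now)
        self.active.append(conn)
        return conn

    def idle_limit(self, conn: Connection) -> float:
        # A connection that has completed a transaction and is only being
        # held (connection sharing) gets the short idle budget.
        return self.idle_after_first if conn.transactions_done else self.idle_before_first

    def reap_idle(self, now: float) -> int:
        """Force-drop connections idle past their limit; return how many."""
        before = len(self.active)
        self.active = [c for c in self.active
                       if now - c.last_activity <= self.idle_limit(c)]
        return before - len(self.active)


def run_example() -> dict:
    """Replay the 20/4/2 walk-through, then a held CS-style connection."""
    budget = ConnectionBudget(total=20, ok_reserve=4, wl_reserve=2)
    counts = {}
    # An attack wave of unclassified hosts, then OK hosts, then whitelisted.
    for cls in (HostClass.UNKNOWN, HostClass.OK, HostClass.WHITELISTED):
        counts[cls.value] = sum(1 for _ in range(30)
                                if budget.accept(cls, now=0.0) is not None)
    # One whitelisted client finishes a transaction at t=10 and then just holds.
    holder = budget.active[-1]
    holder.transactions_done = 1
    holder.last_activity = 10.0
    counts["dropped_at_t45"] = budget.reap_idle(now=45.0)    # 35 s idle > 30 s limit
    counts["dropped_at_t200"] = budget.reap_idle(now=200.0)  # others still under 300 s
    counts["dropped_at_t301"] = budget.reap_idle(now=301.0)  # remaining 19 exceed 300 s
    return counts


if __name__ == "__main__":
    print(run_example())
```

The point the model makes concrete is that the reserves protect the classes a server already trusts, but nothing in the budget itself distinguishes a busy connection from one that is merely being held open after its first transaction; only the per-connection idle limit does that, which is why shortening it after the first transaction frees slots faster during a wave.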


