Re: [ietf-smtp] [Emailcore] Proposed ESMTP keyword RCPTLIMIT

2021-04-20 15:59:44
On Apr 19, 2021, at 7:33 PM, Ned Freed <ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote:

> I assume the Exim and Postfix limits are per-host, which in most cases
> translates to per-IP.

The Postfix limits are per-service (essentially host:port), and if we're
just concerned about port 25, then yes, basically per host, but it is
possible on a multi-homed host to treat all the IPs as a single service,
or as separate services.  The distinction is not particularly visible
from outside, so the safe bet is that the limits are host-wide.  Things are
perhaps complicated if the same host has multiple names...

The potential load limits that can be enabled are:

  * CONNECTION COUNT
  * CONNECTION RATE
  * MESSAGE RATE
  * RECIPIENT RATE
  * TLS SESSION NEGOTIATION RATE  (TLS resumptions are free)
  * SASL AUTH RATE

Relevant settings:

       anvil_rate_time_unit (60s)
              The time unit over which client connection rates and other rates
              are calculated.

       smtpd_client_connection_count_limit (50)
              How many simultaneous connections any client is allowed to make
              to this service.

       smtpd_client_connection_rate_limit (0)
              The maximal number of connection attempts any client is allowed
              to make to this service per time unit.

       smtpd_client_message_rate_limit (0)
              The maximal number of message delivery requests that any client
              is allowed to make to this service per time unit, regardless of
              whether or not Postfix actually accepts those messages.

       smtpd_client_recipient_rate_limit (0)
              The maximal number of recipient addresses that any client is
              allowed to send to this service per time unit, regardless of
              whether or not Postfix actually accepts those recipients.

       smtpd_client_new_tls_session_rate_limit (0)
              The maximal number of new (i.e., uncached) TLS sessions that a
              remote SMTP client is allowed to negotiate with this service per
              time unit.


       smtpd_client_auth_rate_limit (0)
              The maximal number of AUTH commands that any client is allowed
              to send to this service per time unit, regardless of whether or
              not Postfix actually accepts those commands.

-- 
        Viktor.
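
A small model of the per-service, per-client counting described in the message above, as an added example that is not part of the original post and is not Postfix code. The event tuples, limit names, limit values and the fixed-window reset are assumptions made for illustration.

```python
from collections import defaultdict

# Limit names mirror the list in the message; 0 means "no limit".
# Values are constructed for the demo, not recommendations.
LIMITS = {"connection_rate": 0, "message_rate": 2, "recipient_rate": 3}
TIME_UNIT = 60  # seconds, as in anvil_rate_time_unit

def over_limit_events(events, limits=LIMITS, time_unit=TIME_UNIT):
    """Return the events that push a (service, client) pair past a limit.

    events: iterable of (timestamp, service, client, kind, accepted).
    Every event is counted without looking at 'accepted', modelling
    "regardless of whether or not Postfix actually accepts".
    Assumption: a fixed window that restarts once time_unit has elapsed.
    """
    windows = {}  # (service, client) -> [window_start, {kind: count}]
    flagged = []
    for ts, service, client, kind, accepted in sorted(events):
        key = (service, client)  # per-service, not per-host
        win = windows.get(key)
        if win is None or ts - win[0] >= time_unit:
            win = windows[key] = [ts, defaultdict(int)]
        win[1][kind] += 1
        limit = limits.get(kind, 0)
        if limit > 0 and win[1][kind] > limit:
            flagged.append((ts, service, client, kind, win[1][kind]))
    return flagged

# Constructed sample traffic from a documentation address (RFC 5737).
SAMPLE = [
    (0, "smtp", "192.0.2.10", "recipient_rate", True),
    (1, "smtp", "192.0.2.10", "recipient_rate", False),  # rejected, still counted
    (2, "smtp", "192.0.2.10", "recipient_rate", False),
    (3, "smtp", "192.0.2.10", "recipient_rate", True),   # 4th in window, limit 3
    (4, "submission", "192.0.2.10", "recipient_rate", True),  # separate service
    (5, "smtp", "192.0.2.10", "connection_rate", True),  # limit 0, never flagged
    (70, "smtp", "192.0.2.10", "recipient_rate", True),  # new window
]

if __name__ == "__main__":
    for row in over_limit_events(SAMPLE):
        print(row)
```

Rewriting every service name in `SAMPLE` to the same value models the multi-homed case where all listeners are treated as a single service, and the event at timestamp 4 is then flagged as well.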
