LuKreme wrote:
On 19-Mar-2009, at 04:44, Wietse Venema wrote:
LuKreme:
My server is pretty light weight, and I don't tend to get too many
floods of spammers, but are these defaults reasonable to mitigate the
damage that a flood might do? Are these defaults anything a normal
user is ever going to hit?
A normal user is NEVER going to hit these limits. As documented,
anvil is for out-of-control clients. It is not a traffic quota
tool, and must not be used for that purpose.
OK, but if the numbers were lowered to ... oh, say
smtpd_client_connection_rate_limit = 8
smtpd_client_connection_count_limit = 20
A normal user is still never going to hit them I'd think.
Obviously, on a large server with a LAN or a lot of people maybe behind
a single IP those numbers wouldn't work.
OTOH, I'm not changing anything at this point.
It's reasonable to tune these settings for your site. But
remember anvil is an emergency shutoff, not a traffic cop.
Your settings should be several times what you see from your
highest volume "normal" client. The settings should reflect a
ridiculous amount of traffic that you will never ever see from
a legit client.
--
Noel Jones
