Peter Peltonen wrote:
What does this "throttling" mean:

On Tue, Jun 3, 2008 at 12:13 AM, Kyle Quillen <[EMAIL PROTECTED]> wrote:
First of all, throttle SMTP traffic with iptables to prevent excessive
connections (and resultant spamd/clamd instances) in the first place:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -m recent --set
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -m recent --update --seconds 60 --hitcount 12 -j DROP

Does it mean that if you get more than 12 SMTP attempts from the
same client in 60 seconds you drop the rest? Have you seen from logs
some client doing more than 12 attempts in 1 minute? Are there some
possible downsides to this?

That does mean that if you get more than 12 connections on port 25 in a 60 second timeframe by an IP you'll drop the rest of their connections from their IP at the firewall level. It's not targeted at clients; it's targeted at spam servers. Some of them will connect 50 times or more at whatever rate their NIC can handle and try joe-jobbing your server.
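
The following is an added example, not part of the thread: a simplified Python model of how the two `recent` rules above treat NEW connections to port 25, showing which connection in a burst is the first to be dropped and that a source stays blocked while it keeps retrying. The class and function names are hypothetical, the traffic is constructed, and the model assumes the module's default of 20 remembered timestamps per address.

```python
from collections import defaultdict, deque

SECONDS = 60       # --seconds 60
HITCOUNT = 12      # --hitcount 12
PKT_LIST_TOT = 20  # assumption: module default of 20 remembered timestamps per address


class RecentList:
    """Simplified model of the 'recent' list shared by the two rules."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def new_connection(self, src, now):
        """Judge one NEW packet to port 25 from src at time now (seconds)."""
        entry = self.stamps[src]
        entry.append(now)  # rule 1 (--set): always record the packet
        hits = sum(1 for t in entry if now - t <= SECONDS)
        if hits >= HITCOUNT:  # rule 2 (--update --seconds 60 --hitcount 12)
            entry.append(now)  # --update records the matching packet again
            return "DROP"
        return "PASS"  # not matched: continues to the later rules in the chain


def replay(events):
    """events: iterable of (time_in_seconds, source_ip), in time order."""
    fw = RecentList()
    return [fw.new_connection(src, t) for t, src in events]


# Constructed traffic (documentation addresses, not from the thread).
BURST = [(t, "192.0.2.10") for t in range(15)]                 # 15 connections, 1 per second
STEADY = [(6 * i, "198.51.100.7") for i in range(20)]          # 1 connection every 6 s
RETRYING = BURST + [(t, "192.0.2.10") for t in range(19, 120, 5)]  # keeps retrying every 5 s
BACKED_OFF = BURST + [(75, "192.0.2.10")]                      # silent for 61 s, then returns

if __name__ == "__main__":
    for name, ev in [("burst", BURST), ("steady", STEADY),
                     ("retrying", RETRYING), ("backed off", BACKED_OFF)]:
        print(f"{name:11s}", "".join(v[0] for v in replay(ev)))
```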
