Jake Vickers wrote:
> Peter Peltonen wrote:
>> What does this "throttling" mean:
>>
>> On Tue, Jun 3, 2008 at 12:13 AM, Kyle Quillen <[EMAIL PROTECTED]> wrote:
>>   
>>> First of all, throttle SMTP traffic with iptables to prevent excessive
>>> connections (and resultant spamd/clamd instances) in the first place:
>>>
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -m recent --set
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -m recent --update --seconds 60 --hitcount 12 -j DROP
>>>     
>>
>> Does it mean that if you get more than 12 SMTP attempts from the
>> same client in 60 seconds you drop the rest? Have you seen from logs
>> some client doing more than 12 attempts in 1 minute? Are there some
>> possible downsides for this?
>>   
> 
> That does mean that if you get more than 12 connections on port 25 in a
> 60 second timeframe by an IP you'll drop the rest of their connections
> from their IP at the firewall level.
> It's not targeted at clients; it's targeted at spam servers. Some of
> them will connect 50 times or more at whatever rate their NIC can handle
> and try joe-jobbing your server.
> 

Wouldn't this be a good thing to have in the stock toaster firewall?

-- 
-Eric 'shubes'

---------------------------------------------------------------------
     QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
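
A model of the two quoted rules run over constructed connection times, added here as an example (not code from the thread or from QmailToaster). It follows the iptables `recent` match semantics, where `--hitcount` matches at greater than or equal to the given value. The addresses, the function names and the 20-stamp table limit (taken to be the module's default `ip_pkt_list_tot`) are assumptions of the example.

```python
from collections import defaultdict, deque

SECONDS = 60       # --seconds 60
HITCOUNT = 12      # --hitcount 12
PKT_LIST_TOT = 20  # assumed: the recent module's default ip_pkt_list_tot


def apply_rules(events):
    """Run time-ordered (seconds, source_ip) NEW packets to port 25 through
    the two rules. Returns (seconds, source_ip, verdict) tuples."""
    table = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))
    verdicts = []
    for now, ip in events:
        stamps = table[ip]
        # Rule 1: -m recent --set (no -j target, so the packet falls through)
        stamps.append(now)
        # Rule 2: -m recent --update --seconds 60 --hitcount 12 -j DROP
        hits = sum(1 for s in stamps if now - s <= SECONDS)
        if hits >= HITCOUNT:
            stamps.append(now)  # a matching --update refreshes the entry
            verdicts.append((now, ip, "DROP"))
        else:
            verdicts.append((now, ip, "PASS"))  # goes on to the later rules
    return verdicts


def summarize(verdicts):
    """Count PASS and DROP verdicts per source address."""
    totals = defaultdict(lambda: {"PASS": 0, "DROP": 0})
    for _, ip, verdict in verdicts:
        totals[ip][verdict] += 1
    return {ip: dict(counts) for ip, counts in totals.items()}


def sample_events():
    """Constructed traffic, not taken from any real log."""
    burst = [(t, "198.51.100.7") for t in range(50)]        # 50 connects, 1/s
    steady = [(t, "192.0.2.10") for t in range(0, 121, 6)]  # 10/min for 2 min
    later = [(200, "198.51.100.7")]                         # back after a pause
    return sorted(burst + steady + later)


if __name__ == "__main__":
    results = apply_rules(sample_events())
    for ip, counts in summarize(results).items():
        print(ip, counts)
    first_drop = next(t for t, ip, v in results if v == "DROP")
    print("first drop at t =", first_drop)
```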