Jake Vickers wrote:
> Peter Peltonen wrote:
>> What does this "throttling" mean:
>>
>> On Tue, Jun 3, 2008 at 12:13 AM, Kyle Quillen <[EMAIL PROTECTED]> wrote:
>>
>>> First of all, throttle SMTP traffic with iptables to prevent excessive
>>> connections (and resultant spamd/clamd instances) in the first place:
>>>
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -m recent --set
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -m recent --update --seconds 60 --hitcount 12 -j DROP
>>>
>>
>> Does it mean that if you get more than 12 SMTP attempts from the
>> same client in 60 seconds you drop the rest? Have you seen from logs
>> some client doing more than 12 attempts in 1 minute? Are there some
>> possible downsides for this?
>>
>
> That does mean that if you get more than 12 connections on port 25 in a
> 60 second timeframe by an IP you'll drop the rest of their connections
> from their IP at the firewall level.
> It's not targeted at clients; it's targeted at spam servers. Some of
> them will connect 50 times or more at whatever rate their NIC can handle
> and try joe-jobbing your server.
>
Wouldn't this be a good thing to have in the stock toaster firewall?

-- 
-Eric 'shubes'
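
Added example, not part of the thread or of QmailToaster: a simplified Python model of how the two `recent` rules quoted above treat NEW connections to port 25 from each source address, assuming the module's default of 20 remembered timestamps per address and using constructed traffic. In this model the packet being checked has already been recorded by `--set`, so the 12th new connection inside 60 seconds is the first one dropped.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # assumed: xt_recent's default ip_pkt_list_tot (timestamps kept per address)

def simulate(conns, seconds=60, hitcount=12):
    """Replay (time_s, src_ip) NEW packets to port 25 through the two rules."""
    table = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))
    verdicts = []
    for now, ip in sorted(conns):
        stamps = table[ip]
        stamps.append(now)                      # rule 1: --set, no target, falls through
        hits = sum(1 for s in stamps if now - s <= seconds)
        if hits >= hitcount:                    # rule 2: --update --seconds --hitcount
            stamps.append(now)                  # a matching --update stamps the entry again
            verdicts.append((now, ip, "DROP"))
        else:
            verdicts.append((now, ip, "PASS"))  # continues to the rest of the chain
    return verdicts

def summarize(verdicts):
    """Return {ip: [passed, dropped]}."""
    totals = defaultdict(lambda: [0, 0])
    for _, ip, verdict in verdicts:
        totals[ip][verdict == "DROP"] += 1
    return dict(totals)

# Constructed traffic (documentation addresses, not taken from the thread).
BURST = [(t, "203.0.113.7") for t in range(0, 30, 2)]   # 15 connections in 30 s
BURST_RETURN = [(200, "203.0.113.7")]                   # same host after a quiet spell
NORMAL = [(t, "198.51.100.20") for t in (1, 20, 40)]    # ordinary sending MTA
SAMPLE = BURST + BURST_RETURN + NORMAL

if __name__ == "__main__":
    for now, ip, verdict in simulate(SAMPLE):
        print(f"{now:>4}s {ip:<15} {verdict}")
    print(summarize(simulate(SAMPLE)))
```

The rules key only on source address, so a busy legitimate relay or several senders behind one NAT address are counted the same way as the burst host.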