Re: limit tcp sessions opened by an IMAP client
Outlook 2007 has won the price.. It's a pity there is no options like, for a given address, no more than 5 simultaneous connexions Dom 2009/4/14 Joseph Brennan bren...@columbia.edu LALOT Dominique dom.la...@gmail.com wrote: . I've seen once entourage on macosx ignoring 5xx code from our smtp server, and trying to upload a 50Mo file every minute. Outlook will try every second, under some conditions! Funny, I was thinking Outlook Express for this imap problem. I've seen it start a new imap login to see whether there's new mail in the inbox it already has open (this is horrible in U Wash imap, where the new session kills the older one). If these were evenly timed, like every 5 minutes, I would have said Outlook Express. But these are at irregular intervals, so I think it's something else. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Dominique LALOT Ingénieur Systèmes et Réseaux http://annuaire.univmed.fr/showuser.php?uid=lalot Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
limit tcp sessions opened by an IMAP client
Hello, I've looked at google before asking, but I didn't find something. Some imap clients are using many tcp connexions. I would like to know if there is a way to limit them? Thanks Dom -- Dominique LALOT Ingénieur Systèmes et Réseaux http://annuaire.univmed.fr/showuser.php?uid=lalot Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: limit tcp sessions opened by an IMAP client
bonjour dominique, iptables is well suited to do this. google rate limiting and maximum connections. cheers mayak On Tue, 2009-04-14 at 10:32 +0200, LALOT Dominique wrote: Hello, I've looked at google before asking, but I didn't find something. Some imap clients are using many tcp connexions. I would like to know if there is a way to limit them? Thanks Dom -- Dominique LALOT Ingénieur Systèmes et Réseaux http://annuaire.univmed.fr/showuser.php?uid=lalot Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: limit tcp sessions opened by an IMAP client
LALOT Dominique dom.la...@gmail.com wrote: Hello, I've looked at google before asking, but I didn't find something. Some imap clients are using many tcp connexions. I would like to know if there is a way to limit them? This could make the client fail and increase your helpdesk calls. Do you mean more than five? Whatever you do should check both host and user, so that you don't cut off multiple users on a timeshare host or a firewall gateway. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: limit tcp sessions opened by an IMAP client
Look at this one: [r...@smtp ~]# host 82.240.88.126 126.88.240.82.in-addr.arpa domain name pointer val13-2-82-240-88-126.fbx.proxad.net. [r...@smtp ~]# netstat -atpn | grep 82.240.88.126 tcp0 0 139.124.132.126:993 82.240.88.126:60250 ESTABLISHED 9209/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60229 ESTABLISHED 8824/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60235 ESTABLISHED 8016/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60234 ESTABLISHED 8570/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60265 ESTABLISHED 10316/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60180 ESTABLISHED 3795/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60190 ESTABLISHED 5258/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60167 ESTABLISHED 5882/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60213 ESTABLISHED 6758/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60219 ESTABLISHED 8421/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60196 ESTABLISHED 7486/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60206 ESTABLISHED 7520/imapd tcp0 0 139.124.132.126:993 82.240.88.126:63218 ESTABLISHED 6288/imapd tcp0 0 139.124.132.126:993 82.240.88.126:60158 ESTABLISHED 5504/imapd I don't know how many processes we can have with a decent speed. For the moment, it turns to be around 1000 processes, but I don't know the max whe can stand. So the idea of mayak can be a solution. Filter with iptables 193.218.15.25 13 82.240.88.126 16 80.13.69.148 12 for the top, I got lines like this: Apr 14 16:10:25 smtp imaps[13462]: login: val13-2-82-240-88-126.fbx.proxad.net [82.240.88.126] x plaintext+TLS User logged in Apr 14 16:11:43 smtp imaps[13530]: login: val13-2-82-240-88-126.fbx.proxad.net [82.240.88.126] x plaintext+TLS User logged in Apr 14 16:11:43 smtp imaps[31581]: login: val13-2-82-240-88-126.fbx.proxad.net [82.240.88.126] x plaintext+TLS User logged in Apr 14 16:12:41 smtp imaps[13644]: login: val13-2-82-240-88-126.fbx.proxad.net [82.240.88.126] x plaintext+TLS User logged in Apr 14 16:12:42 smtp imaps[13481]: login: val13-2-82-240-88-126.fbx.proxad.net [82.240.88.126] x plaintext+TLS User logged in Apr 14 16:15:08 smtp imaps[14234]: login: val13-2-82-240-88-126.fbx.proxad.net [82.240.88.126] x plaintext+TLS User logged in Apr 14 16:15:08 smtp imaps[29088]: login: val13-2-82-240-88-126.fbx.proxad.net [82.240.88.126] x plaintext+TLS User logged in Apr 14 16:17:14 smtp imaps[14080]: login: val13-2-82-240-88-126.fbx.proxad.net [82.240.88.126] x plaintext+TLS User logged in Apr 14 16:17:15 smtp imaps[14212]: login: val13-2-82-240-88-126.fbx.proxad.net [82.240.88.126] x plaintext+TLS User logged in Checking mail a little bit too much. 2009/4/14 Joseph Brennan bren...@columbia.edu LALOT Dominique dom.la...@gmail.com wrote: Hello, I've looked at google before asking, but I didn't find something. Some imap clients are using many tcp connexions. I would like to know if there is a way to limit them? This could make the client fail and increase your helpdesk calls. Do you mean more than five? Whatever you do should check both host and user, so that you don't cut off multiple users on a timeshare host or a firewall gateway. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Dominique LALOT Ingénieur Systèmes et Réseaux http://annuaire.univmed.fr/showuser.php?uid=lalot Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: limit tcp sessions opened by an IMAP client
Strange to see so many logins spread over a short time. They seem to be in pairs, which is the way some clients start up. I wonder if the client thinks the connection has dropped, and so it starts new sessions. I realize the server's netstat shows them as still connected. It might be interesting to log sessions and see what's going on. Or to strace live processes. And of course ask the user what it looks like from his/her end. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: limit tcp sessions opened by an IMAP client
2009/4/14 Joseph Brennan bren...@columbia.edu Strange to see so many logins spread over a short time. They seem to be in pairs, which is the way some clients start up. I wonder if the client thinks the connection has dropped, and so it starts new sessions. I realize the server's netstat shows them as still connected. It might be interesting to log sessions and see what's going on. Or to strace live processes. And of course ask the user what it looks like from his/her end. That's what I will do. But I'm trying to find configuration options to get the server stronger faced to bad behaved clients. I've seen once entourage on macosx ignoring 5xx code from our smtp server, and trying to upload a 50Mo file every minute. I don't know what will be this one. Dom Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Dominique LALOT Ingénieur Systèmes et Réseaux http://annuaire.univmed.fr/showuser.php?uid=lalot Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: limit tcp sessions opened by an IMAP client
LALOT Dominique dom.la...@gmail.com wrote: . I've seen once entourage on macosx ignoring 5xx code from our smtp server, and trying to upload a 50Mo file every minute. Outlook will try every second, under some conditions! Funny, I was thinking Outlook Express for this imap problem. I've seen it start a new imap login to see whether there's new mail in the inbox it already has open (this is horrible in U Wash imap, where the new session kills the older one). If these were evenly timed, like every 5 minutes, I would have said Outlook Express. But these are at irregular intervals, so I think it's something else. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
