[nycbug-talk] Postfix filter for Exchange

Peter Wright pete at nomadlogic.org
Thu Jul 27 12:10:29 EDT 2006


> On Thu, 27 Jul 2006, Pete Wright wrote:
>
>> Hi All,
>> 	So for some reason we run exchange as our mail store, and
>> frankly I'd rather not start another fight as to how we should probably
>> move to more robust mail solution.  we do have an issue where runaway
>> scripts start generating *tons* of email in a very short period of time.
>> We have been trying our best to resolve this issue by bludgeoning those
>> who write the offending code, but it still happens from time to time.
>>
>> 	So, to help us out with this I am going to propose putting a
>> Postfix filter in front of the exchange server to kill these mail bombs
>> before they take down exchange.  The exchange admins promise there is
>> nothing they can do to properly rate limit, or kill these mail bombs
>> before spooling them.  I am not so sure about that, but do not have the
>> time to learn exchange.
>>
>> 	Has anyone implemented such a solution for a high-volume
>> mailserver, if so any caveats i should be looking out for?  Or is there
>> a sendmail milter that does this already that i don't know about?
>>
>> thanks!
>> -pete
>>
>>
>
> I actually use sendmail to ratelimit this kind of stuff fairly easily
> actually. There are a couple settings in sendmail.cf that throttle
> connection frequency, one is
>
> # maximum number of new connections per second
> O ConnectionRateThrottle=8
>
>
> Also, you can do things like this:
>
> # load average at which we just queue messages
> #O QueueLA=8
>
> # load average at which we refuse connections
> #O RefuseLA=12
>
> # log interval when refusing connections for this long
> #O RejectLogInterval=3h
>
> # load average at which we delay connections; 0 means no limit
> #O DelayLA=0
>
> # maximum number of children we allow at one time
> #O MaxDaemonChildren=0
>
>
> and tune those so that it doesn't get so out of hand as well, no need for
> milters, this is all sendmail.cf settings itself.
>
> I mean theoretically you can also write something in .cf itself to filter
> the keywords from the offending scripts.... *laugh*
>
> Hope that helps.
>

hey thanks trish!

i thought about sendmail rate limiting for a bit, but frankly we just want
these mails to go to /dev/null.  9 times outta 10 we have a user write a
script that will email 100 people when a render job is finished - yet the
script has no logic so gets caught in a loop and starts flooding the
exchange box.  at this point - we don't even want these emails to get to
exchange.  sadly, i'm a little shy to start hacking sendmail to do this as
i am already pretty fluent in postfix....maybe it's time to stop slacking
and get my sendmail.cf foo up to par ;)

-pete



-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459
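
The "send the flood to /dev/null before it reaches Exchange" idea above, sketched as the decision logic of a Postfix policy delegation service (check_policy_service). This is an added example, not part of the original post or of Postfix itself; the thresholds, class and function names and the sample request are assumptions, and the counters live in memory, so it assumes one long-lived policy process.

```python
import time
from collections import defaultdict, deque

MAX_RCPTS = 20     # assumed: RCPT TO requests allowed per sender per window
WINDOW_SECS = 60   # assumed: sliding window length in seconds

# Constructed sample request in the policy delegation wire format:
# name=value lines terminated by an empty line.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=render@example.com\n"
    "recipient=artist@example.com\n"
    "client_address=192.0.2.10\n"
    "\n"
)

def parse_request(text):
    """Parse one policy request into a dict, stopping at the blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class SenderThrottle:
    """Sliding-window counter keyed by envelope sender."""
    def __init__(self, max_rcpts=MAX_RCPTS, window=WINDOW_SECS, clock=time.monotonic):
        self.max_rcpts, self.window, self.clock = max_rcpts, window, clock
        # Bounded deques keep memory flat even while a loop is flooding us.
        self.seen = defaultdict(lambda: deque(maxlen=max_rcpts + 1))

    def decide(self, attrs):
        """Return an access(5) action: DUNNO to pass, DISCARD to drop silently."""
        # Null sender (bounces) falls back to the client address.
        key = attrs.get("sender") or attrs.get("client_address", "unknown")
        now = self.clock()
        stamps = self.seen[key]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()          # forget requests older than the window
        stamps.append(now)
        if len(stamps) > self.max_rcpts:
            return "DISCARD sender rate limit exceeded"
        return "DUNNO"

def respond(throttle, request_text):
    """Build the reply Postfix expects: action=... followed by a blank line."""
    return "action=%s\n\n" % throttle.decide(parse_request(request_text))
```

Because the check runs once per RCPT TO, one message to 100 recipients counts as 100 requests, and a DISCARD result applies to the whole message.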


