[nycbug-talk] Postfix filter for Exchange

Trish Lynch trish at bsdunix.net
Thu Jul 27 11:56:23 EDT 2006 

On Thu, 27 Jul 2006, Pete Wright wrote:

> Hi All,
> 	So for some reason we run exchange as our mail store, and
> frankly I'd rather not start another fight as to how we should probably move
> to more robust mail solution.  we do have an issue where runaway scripts
> start generating *ton's* of email in a very short period of time.  We
> have been trying our best to resolve this issue by bludgening those who
> write the offending code, but it still happens from time to time.
>
> 	So, to help us out with this I am going to propose putting a
> Postfix filter infront of the exchange server to kill these mail bombs
> before they take down exchange.  The exchange admin's promise there is
> nothing they can do to properlly rate limit, or kill these mail bombs
> before spooling them.  I am not so sure about that, but do not have the
> time to learn exchange.
>
> 	Has anyone implemented such a solution for a highvolume
> mailserver, if so any caveat's i should be looking out for?  Or is there
> a sendmail milter that does this already that i don't know about?
>
> thanks!
> -pete
>
>

I actually use sendmail to ratelimit this kind of stuff fairly easily 
actually. There are a couple settings in sendmail.cf that throttle 
connection frequency, one is

# maximum number of new connections per second
O ConnectionRateThrottle=8


Also, you can do things like this:

# load average at which we just queue messages
#O QueueLA=8

# load average at which we refuse connections
#O RefuseLA=12

# log interval when refusing connections for this long
#O RejectLogInterval=3h

# load average at which we delay connections; 0 means no limit
#O DelayLA=0

# maximum number of children we allow at one time
#O MaxDaemonChildren=0


and tune those so that it doesn't get so out of hand as well, no need for 
milters, this is all sendmail.cf settings itself.

I mean theoertically you can also write something in .cf itself to filter 
the keywords from the offending scripts.... *laugh*

Hope that helps.


-Trish

-- 
Trish Lynch					   trish at bsdunix.net
Ecartis Core Team 			      trish at listmistress.org
Key fingerprint = 781D 2B47 AA4B FC88 B919  0CD6 26B2 1D62 6FC1 FF16

More information about the talk mailing list