cowboy me, 2.0: jose nazario beauty and the street


new postfix feature: anvil

the new experimental version of the highly respectable postfix mail daemon implements a tool called anvil, which can do connection rate throttling:
DESCRIPTION
The Postfix anvil server maintains short-term statistics to defend against clients that hammer a server with either too many parallel connections or with too many successive connection attempts within a configurable time interval. This server is designed to run under control by the Post- fix master server.
ifyou look at the postfix-2.0.16-20031231.RELEASE_NOTES you'll get a better idea of what it does. it's very cool, and can do things like statistical baselining to help you get an idea of your servers' load from various sites. it doesn't yet look as flexible as vthrottle, but i did take an idea implemented: list entry expiration. prune the list of older entries (which you may see infrequently) to keep performance up. makes a lot of sense. anvil has a serious drawback, however, in that it cannot currently handle more than one connection at a time (vthrottle is fully thread-safe and can handle it, but requires you to run sendmail). vthrottle has a tool called "vmeasure" which can do that baselining for you to come up with reasonable, flexible whitelists.

pointed out by floh.

i wish postfix had a milter like API to extend the system. i don't like the thought of having to implement an RFC2821 mail parser just to redo vthrottle for postfix. milter is nice in that it hands you the state transition information at the appropriate time. no ambiguity about what caused the state transition and what state you're in.

|

----

| archives

Last modified: Saturday, Mar 13, 2004 @ 09:37am
Weblog Commenting and Trackback by HaloScan.com

Your Ad Here

copyright © 2002-2005 jose nazario, all rights reserved.