[Mimedefang] milter timing out.

Jon R. Kibler Jon.Kibler at aset.com
Wed Feb 4 10:50:25 EST 2004


-ray wrote:
> 
> On Mon, 2 Feb 2004, Jon R. Kibler wrote:
> 
> >      a) Set the ConnectionRateThrottle option to a low value (4) so that
> > sendmail will not accept more than 4 connections per second. Connections
> > are not refused, sendmail just delays responding to them. (With MyDoom,
> > we have seen connection rate bursts > 100 new connections/sec/MTA.)
> 
> Dumb question, but how are you determining your ConnectionRate?  I'm
> hesitant to throttle it before i know what a "good" number for our system
> is.  thanks.
> 

Up your sendmail logging option (10 will log inbound, 12 will log both inbound and outbound) and you will get a log entry for every connection that occurs. Look at how many connections you have in a given period of time, and that will give you your rate. You don't want to run with a high logging option value for a long period of time, or your log will grow huge and VERY fast!

Don't worry about lost mail (unless you set it WAY too low) -- if you set your connection rate too low, the originating side will simply see 'connection refused', temp fail the message, and retry later. 

The approach we took for a WAG value -- which worked -- was to take to total number of connections on busy day, computed how may connections a second that would be, and set the throttle to 10 times that value. Currently, we are seeing the throttle kick in on less than 5% of the connections and the throttle seldom holds for more than 10 seconds -- which is well within the connection timeout for most versions of Unix (which, according to the Bat Book, is usually 75 seconds).

Hope this helps!

Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the MIMEDefang mailing list