[Mimedefang] Back into the loop...

Jonas Eckerman jonas_lists at frukt.org
Tue Oct 24 20:07:37 EDT 2006 

Philip Prindeville wrote:

> First, I want to add some sort of throttling to MdF so that if the
> filter rejects a connection during the HELO or RCPT TO or
> MAIL FROM stages, that it will (for the duration of a throttling
> period) reject incoming connections during the CONNECT stage,

Sounds like a more raical version of what I'm doing in the filter at
http://whatever.frukt.org/mimedefangfilter.text.shtml

I'm storing a time-stamped record in a database for each rejected HELO, unknown users, bad MX and new greylist triplets.

For each connection I count the number of such records for that host that is newer than a certain time (currently 3 minutes, the same as the black period in our greylist). If that count is higher than my limit (currently 10) the connection is tempfailed in filter_relay.

You could probably modify my code to do things your way instead (or just lower the limit to 1 and rase the time window to 1 hour).

> One other thing I wasn't sure about doing, was adding "simultaneity"
> locking as well.  That is, blacklisting additional connections from
> the same site during the duration of a connection.  Most legitimate
> MTA's will open a single connection per site, and then spool
> multiple messages over a single connection.

Two thoughts:

1: Doesn't sendmail have a setting for this allready? I seem to recall that sendmail can limit both the number of concurrent connections from one hosts and the number of new connection in a specified time interval. But maybe I'm just confused.

2: I would not limit it to one connection. If mail has been queueing up on a server for some reason, it might well start a few paralell connections if the interval between queueruns is lower than the time it takes to send the queued mail.

> a database...  and I was wondering what sort of Perl tied hash
> would work well that handles locking and concurrency transparently.

> Anyone prefer one Perl module over another?

I decided to move away from the tied hash stuff for my filters databases. Instead I now use sqlite. It's a server-less SQL database driver for DBI.

It can be fast, it's more flexible than tied hashes, it handles locking and concurrency and it also makes it possible to move to a real SQL server without too many modifications.

Please not that I'm not very good at SQL or SQLite, so it's quite possible that my filter is using them suboptimally.

Regards
/Jonas

-- 
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/

More information about the MIMEDefang mailing list