store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Thu Aug 22, 2019 2:29 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: PG - how to limit connections/per IP?
Unread postPosted: Sat Jan 09, 2016 8:59 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
With qmail on a Plesk box, you can edit /etc/xinetd.d/smtp_psa to add instances= and per_ip= to limit the number of concurrent connections and connections per IP.

I can't figure out how to do this with PG as there's no equivalent file.

I seem to recall something about tcpserver but I don't remember the details.

There seems to be some stuff in /etc/tcpcontrol related to qmail but there are several files and I don't know what's what.

This page http://wiki.qmailtoaster.com/index.php/ ... figuration indicates that there are options that can be added, presumably to one of the above files, but I'm unclear as to where to add what.

I'm also unclear as to how to turn edited .rules files into cdb files

Can someone please enlighten me?

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
 Post subject: Re: PG - how to limit connections/per IP?
Unread postPosted: Mon Jan 11, 2016 4:11 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 8329
Location: earth
They can be controlled from /etc/tcpcontrol/smtp.rules using a 2 step process.

Example (from qmail-scanner-reconfigure), add this to the file:
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

And compile the rules, note this does not require a restart to apply the changes. THey are immediate:

tcprules smtp.cdb smtp.tmp <smtp.rules

Note there is a file called "smtp.tmp" here. This is just specifying a temporary filename to the tcprules command, it doesnt need to exist. Its kind of like specifying a mktemp file


Top
 Profile  
Reply with quote  
 Post subject: Re: PG - how to limit connections/per IP?
Unread postPosted: Tue Jan 12, 2016 7:46 am 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
Thanks Scott.

So we're talking about editing smtp.rules to (for example) look something like this? :


:allow,MAXCONNIP="5",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Then run:
tcprules smtp.cdb smtp.tmp <smtp.rules

Which would limit the number of connections per IP to 5.

What about the tcpserver -c XX bit? (XX=max connections in total).

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
 Post subject: Re: PG - how to limit connections/per IP?
Unread postPosted: Tue Jan 12, 2016 1:08 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 8329
Location: earth
Yeah, just like that (:allow,var1="x",var2="y",var3="z"), example:

:allow,MAXCONNIP="5",MAXLOAD="500",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"


changing it in the smtp.cdb file will apply against the tcpserver config via the -x flag. There is another place you can get to the raw startup command, and manipulate the -c flag in the tcp-service script: /service/smtpd/run

and look at the line:
readdefault concurrency concurrencysmtpd 20

This changes the total number of SMTP connections, if you wanted finer grained control per IP, you'd do that with MAXCONNIP in smtp.cdb. But theres no reason why you cant use both (I do that myself).

Like the .cdb files, changing these settings do not require a restart to go into effect.


Top
 Profile  
Reply with quote  
 Post subject: Re: PG - how to limit connections/per IP?
Unread postPosted: Thu Jan 14, 2016 1:41 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
Thanks Scott. That's really useful info.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group