PG - how to limit connections/per IP?

faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am


With qmail on a Plesk box, you can edit /etc/xinetd.d/smtp_psa to add instances= and per_ip= to limit the number of concurrent connections and connections per IP.

I can't figure out how to do this with PG as there's no equivalent file.

I seem to recall something about tcpserver but I don't remember the details.

There seems to be some stuff in /etc/tcpcontrol related to qmail but there are several files and I don't know what's what.

This page http://wiki.qmailtoaster.com/index.php/ ... figuration indicates that there are options that can be added, presumably to one of the above files, but I'm unclear as to where to add what.

I'm also unclear as to how to turn edited .rules files into cdb files.

Can someone please enlighten me?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

They can be controlled from /etc/tcpcontrol/smtp.rules using a 2 step process.

Example (from qmail-scanner-reconfigure), add this to the file:
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

And compile the rules. Note this does not require a restart to apply the changes. They are immediate:

tcprules smtp.cdb smtp.tmp <smtp.rules

Note there is a file called "smtp.tmp" here. This is just specifying a temporary filename to the tcprules command; it doesn't need to exist. It's kind of like specifying a mktemp file.
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am


Thanks Scott.

So we're talking about editing smtp.rules to (for example) look something like this?

:allow,MAXCONNIP="5",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Then run:
tcprules smtp.cdb smtp.tmp <smtp.rules

Which would limit the number of connections per IP to 5.

What about the tcpserver -c XX bit? (XX=max connections in total).
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Yeah, just like that (:allow,var1="x",var2="y",var3="z"), example:

:allow,MAXCONNIP="5",MAXLOAD="500",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Changing it in the smtp.cdb file will apply against the tcpserver config via the -x flag. There is another place you can get to the raw startup command, and manipulate the -c flag in the tcp-service script: /service/smtpd/run

and look at the line:
readdefault concurrency concurrencysmtpd 20

This changes the total number of SMTP connections. If you wanted finer-grained control per IP, you'd do that with MAXCONNIP in smtp.cdb. But there's no reason why you can't use both (I do that myself).

Like the .cdb files, changing these settings does not require a restart to go into effect.
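
The procedure discussed in this thread, as an added example that is not part of either poster's messages: a lint that flags allow rules in smtp.rules carrying no numeric MAXCONNIP, run before the tcprules compile step. The function names, the sample addresses and the RELAYCLIENT rules are constructed for illustration, and it assumes values are written VAR="value" with double quotes as in the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): lint smtp.rules, then compile it.
# Assumption: values are written VAR="value" with double quotes.

# write_sample FILE: constructed sample rules, for demonstration only.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
127.:allow,RELAYCLIENT=""
192.0.2.:allow,MAXCONNIP="20",RELAYCLIENT=""
198.51.100.7:deny
:allow,MAXCONNIP="5",MAXLOAD="500",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
EOF
}

# check_maxconnip FILE: report allow rules that have no numeric MAXCONNIP.
# tcpserver applies only the most specific matching rule, so a limit on the
# default ":allow" line does not cover addresses that have their own rule.
# Returns 0 when every allow rule carries a limit, 1 otherwise.
check_maxconnip() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            sep = index($0, ":")                 # address ends at the first colon
            if (sep == 0) { printf "line %d: not a rule\n", NR; bad = 1; next }
            addr = substr($0, 1, sep - 1)
            inst = substr($0, sep + 1)
            if (addr == "") addr = "(default)"
            if (inst !~ /^allow/) next           # deny rules need no limit
            if (inst !~ /,MAXCONNIP="[0-9]+"/) {
                printf "line %d: %s has no MAXCONNIP\n", NR, addr
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# compile_rules DIR: lint DIR/smtp.rules, then run the tcprules command
# given in the thread. The cdb is only rebuilt when the lint passes.
compile_rules() {
    ( cd "$1" && check_maxconnip smtp.rules &&
      tcprules smtp.cdb smtp.tmp < smtp.rules )
}
```

On the constructed sample the lint reports the 127. rule, which has its own allow line and therefore does not pick up the limit set on the default rule; whether that rule should have a limit is the operator's decision.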
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am


Thanks Scott. That's really useful info.