Alexandre Ilha - 2005-04-23

How to limit the number of simultaneous SMTP connections from a single specific host to a qmail box?

The problem with limiting the global number of connections, i.e., from any host, is that if a spammer uses all the connections your server accepts, legitimate users won't be able to send their messages. If you raise that limit to a high figure, you'll simply allow even more mass mailing. Plus, you'll have a very high load on your system, which can lead to instability.

A better bet is to limit connections on a per-host basis, which is the solution that's working for us and that I'd like to share with you.

First, you'll need to patch ucspi-tcp, specifically the tcpserver program, so that it keeps track of how many connections are open on a per-host basis. I've used the patch by Julian Severn, available at http://js.hu/package/ucspi-tcp/index.html.

Stop qmail (qmailctl stop), apply the patch, build and install the application, and start qmail (qmailctl start). Note that after you've installed it, if you run tcpserver without parameters the help message will show you the new option, [-s perip limit].

Next, you'll have to modify daemontools' run script for SMTP, whose default location is /service/qmail-smtpd/run. The simplest change is to add
   -s number 
where number defines the per-host max. number of simultaneous connections. That is sufficient.

If instead you prefer to use helios-qmail's centralized configuration script, add
    -s "$MAXCONNPERHOST" (with the quotes) 
to /service/qmail-smtp/run and 
    MAXCONNPERHOST=number (replace with a value)
to /var/qmail/control/smtpconfig

To reload the configuration, restart qmail (qmailctl restart) and you're done.

Good luck!
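
One way to choose a value for the per-host limit, as an added example that is not part of the original post: measure the peak number of simultaneous connections each remote IP actually held, using the `pid ... from` and `end ...` lines that tcpserver writes when it is run with -v. The function names are hypothetical and the sample log is constructed.

```sh
#!/bin/sh
# Added example (not from the post). Input: tcpserver -v log lines on stdin,
# optionally prefixed by a multilog timestamp.

# Print "peak ip" per remote IP, highest peak first.
peak_per_host() {
    awk '
    {
        # Locate the "tcpserver:" tag; skip lines from other programs.
        for (i = 1; i <= NF; i++) if ($i == "tcpserver:") break
        if (i > NF) next
        ev = $(i + 1); pid = $(i + 2)
        if (ev == "pid" && $(i + 3) == "from") {
            # A reused pid means its "end" line was lost (e.g. log rotation).
            if ((pid in owner) && cur[owner[pid]] > 0) cur[owner[pid]]--
            ip = $(i + 4); owner[pid] = ip
            if (++cur[ip] > peak[ip]) peak[ip] = cur[ip]
        } else if (ev == "end" && (pid in owner)) {
            if (cur[owner[pid]] > 0) cur[owner[pid]]--
            delete owner[pid]
        }
    }
    END { for (ip in peak) print peak[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# List hosts whose observed peak exceeds a proposed -s value ($1).
hosts_over_limit() {
    peak_per_host | awk -v lim="$1" '$1 > lim { print $2 }'
}

# Constructed sample log, not taken from a real server.
sample_log() {
    cat <<'EOF'
@400000004269f0a10a1b2c3d tcpserver: status: 1/40
@400000004269f0a10a1b2c3d tcpserver: pid 101 from 192.0.2.10
@400000004269f0a10a1b2c3d tcpserver: ok 101 mx:198.51.100.1:25 :192.0.2.10::40001
@400000004269f0a20a1b2c3d tcpserver: pid 102 from 192.0.2.10
@400000004269f0a20a1b2c3d tcpserver: pid 103 from 203.0.113.7
@400000004269f0a30a1b2c3d tcpserver: pid 104 from 192.0.2.10
@400000004269f0a40a1b2c3d tcpserver: end 101 status 0
@400000004269f0a50a1b2c3d tcpserver: pid 105 from 192.0.2.10
@400000004269f0a60a1b2c3d tcpserver: end 103 status 0
@400000004269f0a70a1b2c3d tcpserver: end 102 status 256
EOF
}

sample_log | peak_per_host
```

Feed it the SMTP service's log instead of `sample_log`, then run `hosts_over_limit N` on the same input to see which hosts a limit of N would have throttled before putting that value after -s.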