Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

anvil with snapshot 1229 ?

0 views
Skip to first unread message

J.D. Bronson

unread,
Dec 30, 2005, 7:33:04 PM12/30/05
to
I am setup with anvil like this:

smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 3
smtpd_delay_reject = no
smtpd_client_connection_count_limit = 2
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_connection_rate_limit = 15
anvil_rate_time_unit = 1800s

I had thought this would permit no more than 2 simultaneous
connections and no more than 15 connections within a 1800s window.

I have had some tosspot sending me all day over and over and postfix
is rejecting fine, but I dont see any increase in the anvil count:

For example:

Dec 30 15:05:57 cheyenne postfix/anvil[1595]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:02:34
Dec 30 15:05:57 cheyenne postfix/anvil[1595]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 15:02:34
Dec 30 15:16:00 cheyenne postfix/anvil[1606]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:12:37
Dec 30 15:16:00 cheyenne postfix/anvil[1606]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 15:12:37
Dec 30 15:39:04 cheyenne postfix/anvil[3721]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:32:45
Dec 30 15:39:04 cheyenne postfix/anvil[3721]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 15:32:45
Dec 30 15:46:12 cheyenne postfix/anvil[3736]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:42:49
Dec 30 15:46:12 cheyenne postfix/anvil[3736]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 15:42:49
Dec 30 16:18:23 cheyenne postfix/anvil[3830]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 16:13:01
Dec 30 16:18:23 cheyenne postfix/anvil[3830]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 16:13:01
Dec 30 16:36:30 cheyenne postfix/anvil[3872]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 16:33:07
Dec 30 16:36:30 cheyenne postfix/anvil[3872]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 16:33:07
Dec 30 17:18:22 cheyenne postfix/anvil[3985]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 17:13:22
Dec 30 17:18:22 cheyenne postfix/anvil[3985]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 17:13:22
Dec 30 17:26:49 cheyenne postfix/anvil[3999]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 17:23:26
Dec 30 17:26:49 cheyenne postfix/anvil[3999]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 17:23:26
Dec 30 17:36:53 cheyenne postfix/anvil[4012]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 17:33:29
Dec 30 17:36:53 cheyenne postfix/anvil[4012]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 17:33:29
Dec 30 17:48:38 cheyenne postfix/anvil[4025]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 17:43:35
Dec 30 17:48:38 cheyenne postfix/anvil[4025]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 17:43:35
Dec 30 17:57:02 cheyenne postfix/anvil[4042]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 17:53:39
Dec 30 17:57:02 cheyenne postfix/anvil[4042]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 17:53:39
Dec 30 18:17:10 cheyenne postfix/anvil[4117]: statistics: max
connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 18:13:46
Dec 30 18:17:10 cheyenne postfix/anvil[4117]: statistics: max
connection count 1 for (smtp:64.140.235.198) at Dec 30 18:13:46

I am going to dump this IP at the firewall, but was wondering if I
was missing something here in my config that would permit this. It
has been going on since 0730 am today about each 10mins.

?

-JD

Ralf Hildebrandt

unread,
Dec 31, 2005, 12:41:19 PM12/31/05
to
* J.D. Bronson <jbro...@wixb.com>:

> I am setup with anvil like this:
>
> smtpd_soft_error_limit = 3
> smtpd_hard_error_limit = 3
> smtpd_delay_reject = no
> smtpd_client_connection_count_limit = 2
> smtpd_client_event_limit_exceptions = $mynetworks
> smtpd_client_connection_rate_limit = 15
> anvil_rate_time_unit = 1800s
>
> I had thought this would permit no more than 2 simultaneous
> connections and no more than 15 connections within a 1800s window.

Yep.

> Dec 30 15:05:57 cheyenne postfix/anvil[1595]: statistics: max connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:02:34
> Dec 30 15:05:57 cheyenne postfix/anvil[1595]: statistics: max connection count 1 for (smtp:64.140.235.198) at Dec 30 15:02:34
> Dec 30 15:16:00 cheyenne postfix/anvil[1606]: statistics: max connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:12:37
> Dec 30 15:16:00 cheyenne postfix/anvil[1606]: statistics: max connection count 1 for (smtp:64.140.235.198) at Dec 30 15:12:37
> Dec 30 15:39:04 cheyenne postfix/anvil[3721]: statistics: max connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:32:45
> Dec 30 15:39:04 cheyenne postfix/anvil[3721]: statistics: max connection count 1 for (smtp:64.140.235.198) at Dec 30 15:32:45
> Dec 30 15:46:12 cheyenne postfix/anvil[3736]: statistics: max connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:42:49
> Dec 30 15:46:12 cheyenne postfix/anvil[3736]: statistics: max connection count 1 for (smtp:64.140.235.198) at Dec 30 15:42:49

I (and Postfix) see just ONE connection every 1800s
Do you have log entries the show MORE connecions from this one
(connection from 64.140.235.198)?

--
Ralf Hildebrandt (Ralf.Hil...@charite.de) spam...@charite.de
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.postfix-buch.com
Why you can't find your system administrators:
Just look up at the ceiling (Think 'Aliens') -- Grant Denkinson Grant.D...@nottingham.ac.uk

J.D. Bronson

unread,
Dec 31, 2005, 12:54:22 PM12/31/05
to
At 11:41 AM 12/31/2005, you wrote:
>* J.D. Bronson <jbro...@wixb.com>:

> > I am setup with anvil like this:
> >
> > smtpd_soft_error_limit = 3
> > smtpd_hard_error_limit = 3
> > smtpd_delay_reject = no
> > smtpd_client_connection_count_limit = 2
> > smtpd_client_event_limit_exceptions = $mynetworks
> > smtpd_client_connection_rate_limit = 15
> > anvil_rate_time_unit = 1800s
> >
> > I had thought this would permit no more than 2 simultaneous
> > connections and no more than 15 connections within a 1800s window.
>
>Yep.

>
> > Dec 30 15:05:57 cheyenne postfix/anvil[1595]: statistics: max
> connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:02:34
> > Dec 30 15:05:57 cheyenne postfix/anvil[1595]: statistics: max
> connection count 1 for (smtp:64.140.235.198) at Dec 30 15:02:34
> > Dec 30 15:16:00 cheyenne postfix/anvil[1606]: statistics: max
> connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:12:37
> > Dec 30 15:16:00 cheyenne postfix/anvil[1606]: statistics: max
> connection count 1 for (smtp:64.140.235.198) at Dec 30 15:12:37
> > Dec 30 15:39:04 cheyenne postfix/anvil[3721]: statistics: max
> connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:32:45
> > Dec 30 15:39:04 cheyenne postfix/anvil[3721]: statistics: max
> connection count 1 for (smtp:64.140.235.198) at Dec 30 15:32:45
> > Dec 30 15:46:12 cheyenne postfix/anvil[3736]: statistics: max
> connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:42:49
> > Dec 30 15:46:12 cheyenne postfix/anvil[3736]: statistics: max
> connection count 1 for (smtp:64.140.235.198) at Dec 30 15:42:49
>
>I (and Postfix) see just ONE connection every 1800s
>Do you have log entries the show MORE connecions from this one
>(connection from 64.140.235.198)?
>
>--
>Ralf Hildebrandt (Ralf.Hil...@charite.de)

But this connecting machine kept connecting each 10mins (almost
exact) and certainly those were within the 1800s ??

I just blocked it at the firewall for now.

-JD

Ralf Hildebrandt

unread,
Dec 31, 2005, 1:07:32 PM12/31/05
to
* J.D. Bronson <jbro...@wixb.com>:

> >> Dec 30 15:05:57 cheyenne postfix/anvil[1595]: statistics: max connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:02:34
> >> Dec 30 15:05:57 cheyenne postfix/anvil[1595]: statistics: max connection count 1 for (smtp:64.140.235.198) at Dec 30 15:02:34

10m

> >> Dec 30 15:16:00 cheyenne postfix/anvil[1606]: statistics: max connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:12:37
> >> Dec 30 15:16:00 cheyenne postfix/anvil[1606]: statistics: max connection count 1 for (smtp:64.140.235.198) at Dec 30 15:12:37

13m

> >> Dec 30 15:39:04 cheyenne postfix/anvil[3721]: statistics: max connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:32:45
> >> Dec 30 15:39:04 cheyenne postfix/anvil[3721]: statistics: max connection count 1 for (smtp:64.140.235.198) at Dec 30 15:32:45

17m

> >> Dec 30 15:46:12 cheyenne postfix/anvil[3736]: statistics: max connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:42:49
> >> Dec 30 15:46:12 cheyenne postfix/anvil[3736]: statistics: max connection count 1 for (smtp:64.140.235.198) at Dec 30 15:42:49

Postfix sees one connection from 64.140.235.198 and logs these at
irregular intervals!

> But this connecting machine kept connecting each 10mins (almost exact) and certainly those were within the 1800s ??

So it seems. I don't understand this.

--
Ralf Hildebrandt (Ralf.Hil...@charite.de) spam...@charite.de
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.postfix-buch.com
Why you can't find your system administrators:

They are in the cellars conducting the rituals to keep the machines running

Wietse Venema

unread,
Dec 31, 2005, 2:05:55 PM12/31/05
to
J.D. Bronson:

> Dec 30 15:05:57 cheyenne postfix/anvil[1595]: statistics: max
> connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:02:34

Logged 3:23 (203 seconds) after the connection starts. smtpd
terminates after 100s idle time, and anvil terminates 100s
after smtpd disconnects from it.

> Dec 30 15:16:00 cheyenne postfix/anvil[1606]: statistics: max
> connection rate 1/1800s for (smtp:64.140.235.198) at Dec 30 15:12:37

Same deal here.

This "problem" happens only on servers that have no remote connection
for more than 200 seconds. Otherwise the anvil server will keep
running.

This could be fixed by not having anvil terminate after 100s idle
time. See untested patch below.

But since this is an overload protection mechanism, I don't worry
too much about systems that are idle for hundreds of seconds.

Wietse

*** ./anvil.c- Wed Oct 12 15:52:51 2005
--- ./anvil.c Sat Dec 31 14:04:46 2005
***************
*** 937,942 ****
--- 937,948 ----
* Do not limit the number of client requests.
*/
var_use_limit = 0;
+
+ /*
+ * Don't exit before the sampling interval ends.
+ */
+ if (var_idle_limit < var_anvil_time_unit)
+ var_idle_limit = var_anvil_time_unit;
}

/* main - pass control to the multi-threaded skeleton */

0 new messages