On Tuesday, Aug 12, 2003, at 23:49 US/Central, Ricardo Kleemann wrote:
Hi,
I haven't gotten an answer to this so I'm reposting it...
Thanks for any suggestions.
I couldn't find this in the documentation, what is the
setting for this upper limit on number of connections?
MAXPERC and MAXPERIP variables, set in the configuration
file.
Also, is this limit based on a certain window of time?
What time frame constitutes "too many connections"?
The time frame is "at any given time". Connections from
the same IP address or the same /24 where there are
already the maximum number of existing connections, are
rejected.
So actually this can't really prevent "floods", I mean
there's a difference between getting 100 connections from an
IP in a period of 1 day and getting 100 connections in a
period of 1 minute. The first doesn't constitute a problem,
the second represents a flood problem.
It's quite an important distinction and it's important to
try and prevent floods.
Is the only way, then, to differentiate between the two to
have a global filter running which keeps track of
connections?
Well, I wouldn't say it's the *only* way. You could always patch
Courier to add that functionality instead.
Or write a log monitor that looks for IPs that are doing this kind of
thing to you, and then automatically edits your BLOCK rules or some
such solution.
But if you're asking "do I have to write code myself to do this sort of
thing?", then yes... I believe you probably do. -- Unless Sam is
feeling very accommodating, and is working on it already and merely
keeping quiet.
-jab
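
The log-monitor approach suggested in the reply above, as an added example that is not part of the original message or of Courier: a sliding-window counter that tells 100 connections spread over a day apart from 100 connections inside a minute. The log line shape, the sample data, the function names and the limit of 50 per minute are all assumptions made for the illustration; lines are assumed to arrive in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape (constructed, not Courier's real format):
#   <ISO timestamp> <anything> ip=[a.b.c.d]
LINE_RE = re.compile(r"^(\S+) .*\bip=\[(\d+\.\d+\.\d+\.\d+)\]")

def find_floods(lines, limit=50, window=timedelta(minutes=1)):
    """Return {ip: peak_count} for every IP that opened more than
    `limit` connections inside any single `window`."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a connection line
        ts = datetime.fromisoformat(m.group(1))
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        # Drop connections that have aged out of the window.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: two IPs, 100 connections each, very different rates."""
    base = datetime(2003, 8, 12)
    # 192.0.2.10: one connection every 14 minutes, spread over about a day.
    events = [(base + timedelta(minutes=14 * i), "192.0.2.10") for i in range(100)]
    # 198.51.100.7: one connection every half second, all within a minute.
    events += [(base + timedelta(hours=9, seconds=0.5 * i), "198.51.100.7")
               for i in range(100)]
    events.sort()
    return [f"{ts.isoformat()} connect ip=[{ip}]" for ts, ip in events]

if __name__ == "__main__":
    for ip, peak in find_floods(sample_log()).items():
        print(f"{ip}: {peak} connections within one minute")
```

The returned addresses are the candidates for the BLOCK rules mentioned in the reply; writing them into the access file is left out because its format is not shown in this thread.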