On Fri, 2009-05-22 at 14:37 -0400, Victor Duchovni wrote: > Connection rate (rather than concurrency) limits are rather risky, > a site with legitimate mail to send, and a lot of senders, may not be > able to deliver any mail to you in the face of a load-spike.
I can see your point, but any load spike I tend to see is usually associated with the sending of UCE or DOS attempts. > > If that IP presents another '50' connections in the new > > window of 30 minutes - say connections 51-101 - they will also be given > > 45x errors. If connection 102 falls inside this period it then starts > > giving 55x errors to that IP. It will reset when it sees nothing from > > that IP in 30 minutes. > > This is really lame rate control mechanism. It fails catastrophically > when a legitimate site has a spike of email in your direction. Consider > generous connection concurrency limits, and avoid rate limits unless > they are very generous, and would NEVER be hit by a legitimate sender. > It may be 'lame' but it is tried, tested and works extremely well on the particular appliance concerned. Trusted IP's that are likely to exceed the rate control settings are exempted so spikes are a bit of a non issue. I agree it could use some improvement, but it's a feature I bitterly miss from Postfix. I can't get Anvil to work anything like this in a reliable way. It's early days for me with Postfix so I will probably grow to love the way it does or does not do things :-)
