Nataraj put forth on 5/26/2010 10:06 PM:

> How does rate limiting work in conjunction with postscreen? Can the
> various rate limits be applied to postscreen or would rate limiting no
> longer be necessary? I run in a vmware virtual machine which used to
> fall on its knees from both bot and snowshoe attacks and since I added
> the rate limits that I previously posted, I haven't had any major
> problems (been running with the rate limits for several years). I often
> see attacks like the one below where it will log these rate limit
> exceeded messages over the course of several minutes before the
> attackers go away. And yes, I do see attacks that come from multiple IPs.
I've not used postscreen yet myself. I can only speak to what's been said here on the list. Others will certainly correct any misconceptions I may have.

Postscreen is a bot (primarily) spam "shield" daemon that sits in front of smtpd. My understanding is that the postscreen process does its own rate limiting and tarpitting as well as some other tricks.

With the old (pre-2.8) Postfix rate limiting method alone and no postscreen, each simultaneous inbound smtp connection requires a separate smtpd process to handle the connection. Thus, if you have 50 simultaneous inbound connections, and 48 are spam, you're needlessly running 48 extra smtpd processes, eating up a potentially large amount of memory.

With postscreen on 2.8, it handles all inbound connections in one process instance, and only passes on connections to smtpd processes once it determines they're likely not spam connections. Postscreen is a single process, and is optimized to deal with bot spam connections quickly and efficiently. It consumes far less cpu and memory resources dealing with bot spam than the "old" smtpd only method of accepting connections.

Wietse wrote it specifically for sites which have very high connection volumes due to bot spam. If you are such a site, I'd definitely recommend giving postscreen a test run. As the name implies, it screens out most of the junk connections that would normally bog down servers.

http://www.postfix.org/postscreen.8.html

-- 
Stan
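Nataraj's observation that the rate-limit warnings pile up over several minutes, and that some attacks arrive from many IPs, is something you can measure from the logs before deciding whether per-client limits still earn their keep once postscreen is in front. The script below is an added example, not code from this thread or from Postfix: it parses the `warning: ... limit exceeded` lines smtpd logs when a per-client limit trips, totals hits per client, and flags time windows in which several distinct clients tripped a limit together (the distributed case that a per-client limit cannot stop on its own). The log lines are constructed, the syslog layout in `LIMIT_RE` is an assumption, and the year is supplied because syslog timestamps omit it.

```python
"""Triage Postfix "rate limit exceeded" warnings by client and by time window.

Added example, not from the thread or from Postfix. Log lines are constructed,
modelled on the warning smtpd emits when a smtpd_client_*_limit trips.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed syslog layout: "Mon DD HH:MM:SS host postfix/smtpd[pid]: warning: ..."
LIMIT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: (?P<kind>Connection rate|Connection concurrency|Message rate) "
    r"limit exceeded: (?P<count>\d+) from (?P<host>[^\[\s]*)\[(?P<ip>[^\]]+)\] "
    r"for service (?P<service>\S+)$"
)

# Constructed sample: one noisy client over ~5 minutes, one message-rate trip,
# and a burst of four different clients within a few seconds.
SAMPLE_LOG = """\
May 26 21:58:01 mx postfix/smtpd[4101]: warning: Connection rate limit exceeded: 31 from unknown[192.0.2.10] for service smtp
May 26 21:58:09 mx postfix/smtpd[4102]: warning: Connection rate limit exceeded: 32 from unknown[192.0.2.10] for service smtp
May 26 21:58:40 mx postfix/smtpd[4103]: warning: Connection rate limit exceeded: 33 from unknown[192.0.2.10] for service smtp
May 26 21:59:15 mx postfix/smtpd[4104]: warning: Message rate limit exceeded: 101 from mail.example.net[198.51.100.7] for service smtp
May 26 22:01:02 mx postfix/smtpd[4105]: warning: Connection rate limit exceeded: 31 from unknown[203.0.113.5] for service smtp
May 26 22:01:03 mx postfix/smtpd[4106]: warning: Connection rate limit exceeded: 31 from unknown[203.0.113.6] for service smtp
May 26 22:01:04 mx postfix/smtpd[4107]: warning: Connection rate limit exceeded: 31 from unknown[203.0.113.7] for service smtp
May 26 22:01:05 mx postfix/smtpd[4108]: warning: Connection rate limit exceeded: 31 from unknown[203.0.113.8] for service smtp
May 26 22:03:30 mx postfix/smtpd[4109]: warning: Connection rate limit exceeded: 31 from unknown[192.0.2.10] for service smtp
May 26 22:03:31 mx postfix/smtpd[4110]: error: unrelated line that must be ignored
"""


def parse_events(text, year=2010):
    """Return a time-sorted list of (timestamp, kind, ip, count) for matching lines."""
    events = []
    for line in text.splitlines():
        m = LIMIT_RE.match(line)
        if not m:
            continue  # not a limit warning; skip
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["kind"], m["ip"], int(m["count"])))
    return sorted(events)


def per_client(events):
    """Per-IP totals: how often a limit tripped, which limits, and over what span."""
    stats = {}
    for ts, kind, ip, _count in events:
        s = stats.setdefault(ip, {"hits": 0, "kinds": set(), "first": ts, "last": ts})
        s["hits"] += 1
        s["kinds"].add(kind)
        s["first"] = min(s["first"], ts)
        s["last"] = max(s["last"], ts)
    for s in stats.values():
        s["span_s"] = int((s["last"] - s["first"]).total_seconds())
    return stats


def distributed_bursts(events, window=60, min_ips=3):
    """Fixed windows of `window` seconds in which >= min_ips distinct clients tripped a limit."""
    buckets = defaultdict(set)
    for ts, _kind, ip, _count in events:
        day_start = ts.replace(hour=0, minute=0, second=0, microsecond=0)
        offset = int((ts - day_start).total_seconds())
        start = day_start + timedelta(seconds=offset - offset % window)
        buckets[start].add(ip)
    return [(start, sorted(ips)) for start, ips in sorted(buckets.items())
            if len(ips) >= min_ips]


if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    for ip, s in sorted(per_client(ev).items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{ip:15} hits={s['hits']} span={s['span_s']}s kinds={sorted(s['kinds'])}")
    for start, ips in distributed_bursts(ev):
        print(f"burst at {start:%H:%M:%S}: {len(ips)} clients {ips}")
```

A single client that keeps tripping the limit for minutes is the case anvil-style per-client limits already handle; a window with many distinct clients each tripping once is the pattern those limits cannot address, and is the kind of load a front-end screen that rejects junk connections before an smtpd process is spawned is meant to absorb. Feed the script `grep 'limit exceeded' /var/log/mail.log` output in place of the constructed sample.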