robin.wakefi...@ubs.com:
> Hi,
>
> Can any explain how to read the connection information that is
> stored by the anvil service. I would like to analyse the information
> so that I can raise alerts and/or send the messages from internal
> clients to the HOLD queue for subsequent deletion/release.
Transgressiona are logged by smtpd(8):
Message delivery request rate limit exceeded: %d from %s for service %s
Recipient address rate limit exceeded: %d from %s for service %s
New TLS session rate limit exceeded: %d from %s for service %s
Refusing STARTTLS request from %s for service %s
Connection concurrency limit exceeded: %d from %s for service %s
Connection rate limit exceeded: %d from %s for service %s
Where %d is a number, %s is hostname[address], and %s is service:client.
Statistics are logged by anvil:
Jan 15 00:06:48 spike postfix/anvil[75120]: statistics: max connection rate
4/60s for (smtpd:2604:8d00:0:1::7) at Jan 15 00:03:08
Jan 15 00:06:48 spike postfix/anvil[75120]: statistics: max connection count 3
for (smtpd:2604:8d00:0:1::7) at Jan 15 00:03:08
Jan 15 00:06:48 spike postfix/anvil[75120]: statistics: max recipient rate
4/60s for (smtpd:2604:8d00:0:1::7) at Jan 15 00:03:09
In the last 60 seconds there were 4 connections from 2604:8d00:0:1::7,
three connections from 2604:8d00:0:1::7, and 4 RCPT TO commands from
2604:8d00:0:1::7. This system does not rate limit messages, so it
keeps no statistics on those events.
Wietse
