![]() Your operating system can give you more insight into connections and resource usage. If you don't expect to have any but think that possibly someone might have to configure one temporarily or on an emergency basis, you might leave it enabled but severely limit the maximum connections (and remember that current versions can also limit specific users from specific services). If you don't have any POP3 users, you'd probably shut that off entirely. Connection attempt to service HTTPS from IPĪddress 96.237.161.229 rejected: too many connections. If your limits are exceeded, you will see a message in the "Warning" log: Limiting also prevents one service from hogging all the servers time (though of course it doesn't prevent your network from being swamped by attempts) On the other hand, they may not, but even if they do, temporary rejections may still have value as annoyance and providing a little more time for a new spammer to get added to a real-time blacklist. What happens when spammers get temporarily rejected? Well, they may do what a legitimate mail server would do: come back and try again at a later time. We could go back to the logs to see what actually happened during those peaks in this case the spikes were caused by spammers. That chart is in 30 minute intervals, so concurrent connections were likely far less. Service LimitsĪnother place where we can set limits is in each service that we accept:įor example, here we see that most of the time, SMTP connections were well under 100, only peaking above that rarely. If the maximum per hour is set too low, it could interfere with that conversation. You'd think we might also set a low number for the maximum number of messages per hour from one address, but that's not necessarily wise: consider an active conversation where two or more people are emailing back and forth for some period of time. At some point (dependent upon them, again), they'd give up. Under extremely pathological conditions, mail could end up being permanently rejected if the sending server had reason to keep trying more than five connections and the excess connections always were for the same message. The length of the delay depends on their configuration. Note that if a server did try more than five, mail should not be lost, only delayed. ![]() That's probably far too low for most businesses, but in this particular case the server only handles two users, so it is unlikely that a sending server should need or want to make a great deal of simultaneus connections. Here we have set a very low number of concurrent SMTP connections from one IP address.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |