[kwlug-disc] clearing close_wait
John Van Ostrand
john at netdirect.ca
Thu Mar 24 20:39:45 EDT 2011
----- Original Message -----
> Not related to CLOSE_WAIT, but to prevent this issue of an IP opening a
> lot of connections you can set up the proper parameter in your mail server
> (for example, for Postfix:
> http://www.postfix.org/postconf.5.html#smtpd_client_connection_count_limit
> ), xinetd also can limit the number of simultaneous client
> connections. Or directly from iptables using
> connlimit: http://www.cyberciti.biz/faq/iptables-connection-limits-howto/
Good direction, Fernando.
It's also a good idea to do a greeting delay. This works well for us. The idea is that your MTA accepts connections and, if the remote IP is not on your network or localhost, it enforces a 15-second delay before issuing the first 220 message. Spam daemons don't wait for that and start the SMTP conversation. When the MTA sees traffic before issuing the 220, it rejects all commands for the session.
--
John Van Ostrand
CTO, co-CEO
Net Direct Inc.
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6
Ph: 866-883-1172 x5102
Fx: 519-883-8533
Linux Solutions / IBM Hardware
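
The greeting delay described in the message above, sketched as an added example that is not part of the original post and is not any MTA's own code. The network list, host name, reply text and function names are assumptions made for illustration.

```python
import ipaddress
import select
import socket

GREET_DELAY = 15.0  # seconds, the figure given in the message
# Constructed stand-in for "your network or localhost".
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("127.0.0.0/8", "::1/128", "192.0.2.0/24")]
BANNER = b"220 mx.example.test ESMTP\r\n"  # hypothetical host name
REJECT = b"554 5.5.1 Command rejected: talked before greeting\r\n"


def is_local(peer_ip):
    """True when the peer is exempt from the delay."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in LOCAL_NETS)


def greet(conn, peer_ip, delay=GREET_DELAY):
    """Send the 220 banner; return False if the client talked first."""
    if not is_local(peer_ip):
        # Hold the banner back. A readable socket during the wait means
        # the peer sent data (or hung up) without having seen our 220.
        early, _, _ = select.select([conn], [], [], delay)
        if early:
            return False
    conn.sendall(BANNER)
    return True


def handle(conn, peer_ip, delay=GREET_DELAY):
    """Run the greeting phase of one session: 'accepted' or 'rejected'."""
    if greet(conn, peer_ip, delay):
        return "accepted"  # the normal SMTP dialogue would continue here
    # Pre-greeter: answer everything with a rejection until it disconnects.
    while conn.recv(4096):
        conn.sendall(REJECT)
    return "rejected"
```
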