CONNECTION RATE CONTROL FOR SENDMAIL
------------------------------------

This patch adds a connection rate control feature to sendmail. This means :

- sendmail counts, on a sliding window, the number of connections for
  each SMTP client, and if it exceeds the maximum configured value, the
  connection is refused with a TEMPFAIL result.

- you will surely want to exclude some hosts/networks from this control
  (local networks, trusted networks, ...). You may indicate the list of
  trusted servers (by IP address) in some configuration file. This file

Table of Contents :

  1. Remarks
  2. Changes and History
  3. Getting the stuff
  4. Stuff Contents
  5. Installing

******************************************************************

REMARKS :
---------

* This feature will be integrated into sendmail in a future version.

* This feature is experimental. Some details on the way it works or
  its interface may change in the future.

* The contents of this stuff are valid for sendmail 8.12.9

All feedback, comments and questions about this stuff are welcome :

  Jose-Marcio.Martins@ensmp.fr (the maintainer)
  with CC to sendmail@sendmail.org

CHANGES AND HISTORY :
---------------------

2003/06/11 - Jose Marcio Martins da Cruz
  - First Release

2003/07/03 - Jose Marcio Martins da Cruz
  Two macros were defined :
  - {client_rate} : connection rate of the client
  - {server_rate} : connection rate of the server

GETTING THE STUFF :
-------------------

You can download all you need at :

  http://j-chkmail.ensmp.fr/sm

You need the two patches you'll find there.

STUFF CONTENTS :
----------------

This stuff contains two patches :

- ratectrl.src.patch : this patch shall be used to modify
  /PATH_TO_SRC/sendmail-8.12.9/sendmail - sendmail C source files

- ratectrl.cf.patch : this patch shall be used to modify
  /PATH_TO_SRC/sendmail-8.12.9/cf - m4 configuration kit for sendmail

- rate.mc : this is an example of a configuration file to be used with
  this stuff, if you want to do connection rate control with rulesets.
  To use it, you shall define the variable :

    D{RuleRateMaxClient}5

  This contribution comes from Stephane Lentz
  Stephane.Lentz@ansf.alcatel.fr

INSTALLING :
------------

1. Copy the patches :

     cd /PATH_TO/sendmail-8.12.9
     cp /elsewhere/ratectrl.src.patch .
     cp /elsewhere/ratectrl.cf.patch .

2. Optionally, save the original source code :

     cp -pr sendmail sendmail.org
     cp -pr cf cf.org

3. Apply the patches

     cd sendmail
     patch < ../ratectrl.src.patch
     cd ../cf
     patch < ../ratectrl.cf.patch

4. Inform the sendmail Build system that you want to use this stuff

   Add the following line to the file devtools/Site/site.config.m4 :

     APPENDDEF(`confENVDEF',`-D_FFR_CONNECTION_RATE_CONTROL')

5. Rebuild sendmail and install

     cd /PATH_TO/sendmail-8.12.9
     ./Build -c
     su
     ./Build install

6. Modify your configuration file (sendmail.mc for your site)

   You may add the following line :

     FEATURE(rate_control)

   This will create the following lines in your sendmail.cf file :

   -----
   O CheckConnectionRate=True
   F{rate_exclude} -o /etc/mail/rate-control-exclude
   # maximum server connection rate (connections / minute)
   #O MaxConnectionRate=600
   # maximum connection rate per client (connections / minute)
   #O MaxClientConnectionRate=5
   # Width of the window
   #O ConnectionRateWindowSize=60
   ----

   Configuration parameters you may define in your mc file

   confRATE_EXCLUDE_FILE :
     The name of the file defining class {rate_exclude}. Access to the
     server will be granted to IP hosts/networks matching this class
     without connection rate control.
     Default Value : /etc/mail/rate-control-exclude

   confMAX_CLIENT_CONNECTION_RATE :
     Maximum connections per minute allowed for hosts/networks not
     matching {rate_exclude} class.
     Default Value : 5 connections / minute.

   confMAX_CONNECTION_RATE :
     Maximum connections per minute for the server.
     Default Value : 600 connections / minute.

   confCONNECTION_RATE_WINDOW_SIZE :
     Width of the measuring sliding window. The value used to do rate
     control is the mean of the number of connections inside this window.
     Default Value : 60 (1 minute)
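
The per-client check described above (sliding window, exclusion class,
TEMPFAIL on excess), as an added example that is not code from the patch
or from sendmail. It uses the defaults quoted in this file (5 connections
per minute, 60 second window); the table sizes, the exact-match exclusion
list, the per-minute normalisation and the function names are assumptions.

```c
#include <string.h>
#include <time.h>

#define WINDOW_SIZE     60  /* seconds, like ConnectionRateWindowSize */
#define MAX_CLIENT_RATE 5   /* connections/minute, like MaxClientConnectionRate */
#define MAX_CLIENTS     64  /* table size (assumption of this example) */
#define MAX_STAMPS      32  /* must exceed MAX_CLIENT_RATE * WINDOW_SIZE / 60 */

struct client {
    char   addr[46];            /* textual IP address, "" when unused */
    time_t stamps[MAX_STAMPS];  /* ring buffer of connection times */
    int    next;                /* slot the next connection overwrites */
};
static struct client table[MAX_CLIENTS];

/* Constructed stand-in for class {rate_exclude}: exact-match trusted IPs. */
static const char *rate_exclude[] = { "127.0.0.1", "192.0.2.10" };

/* Find the client's entry or claim a free one; NULL when the table is full. */
static struct client *lookup(const char *addr)
{
    struct client *unused = NULL;
    for (int i = 0; i < MAX_CLIENTS; i++) {
        if (strcmp(table[i].addr, addr) == 0)
            return &table[i];
        if (unused == NULL && table[i].addr[0] == '\0')
            unused = &table[i];
    }
    if (unused != NULL)
        strncpy(unused->addr, addr, sizeof unused->addr - 1);
    return unused;
}

/* Record a connection at time now; 1 = accept, 0 = refuse with TEMPFAIL. */
int check_connection(const char *addr, time_t now)
{
    for (size_t i = 0; i < sizeof rate_exclude / sizeof *rate_exclude; i++)
        if (strcmp(addr, rate_exclude[i]) == 0)
            return 1;           /* trusted host: no rate control */
    struct client *c = lookup(addr);
    if (c == NULL)
        return 1;               /* table full: this example fails open */
    c->stamps[c->next] = now;
    c->next = (c->next + 1) % MAX_STAMPS;
    int count = 0;              /* connections still inside the window */
    for (int i = 0; i < MAX_STAMPS; i++)
        if (c->stamps[i] != 0 && now - c->stamps[i] < WINDOW_SIZE)
            count++;
    return count * 60 / WINDOW_SIZE <= MAX_CLIENT_RATE;  /* per-minute rate */
}
```

Refused attempts are still recorded, so a client that keeps retrying
stays blocked until its connections age out of the window.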