horok/postfix
1
0
Fork 0
Code Activity
postfix/html/anvil.8.html
Daniel Baumann 75cf244379
Adding upstream version 3.10.2. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-21 14:19:32 +02:00

243 lines
11 KiB
HTML
Raw Permalink Blame History

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"https://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - anvil(8) </title>
</head> <body> <pre>
ANVIL(8) ANVIL(8)
<b><a name="name">NAME</a></b>
anvil - Postfix session count and request rate control
<b><a name="synopsis">SYNOPSIS</a></b>
<b>anvil</b> [generic Postfix daemon options]
<b><a name="description">DESCRIPTION</a></b>
The Postfix <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains statistics about client connec-
tion counts or client request rates. This information can be used to
defend against clients that hammer a server with either too many simul-
taneous sessions, or with too many successive requests within a config-
urable time interval. This server is designed to run under control by
the Postfix <a href="master.8.html"><b>master</b>(8)</a> server.
In the following text, <b>ident</b> specifies a (service, client) combination.
The exact syntax of that information is application-dependent; the
<a href="anvil.8.html"><b>anvil</b>(8)</a> server does not care.
<b>CONNECTION COUNT/RATE CONTROL</b>
To register a new connection send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a>
server:
<b>request=connect</b>
<b>ident=</b><i>string</i>
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of simultaneous connections
and the number of connections per unit time for the (service, client)
combination specified with <b>ident</b>:
<b>status=0</b>
<b>count=</b><i>number</i>
<b>rate=</b><i>number</i>
To register a disconnect event send the following request to the
<a href="anvil.8.html"><b>anvil</b>(8)</a> server:
<b>request=disconnect</b>
<b>ident=</b><i>string</i>
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server replies with:
<b>status=0</b>
<b><a name="message_rate_control">MESSAGE RATE CONTROL</a></b>
To register a message delivery request send the following request to
the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
<b>request=message</b>
<b>ident=</b><i>string</i>
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of message delivery
requests per unit time for the (service, client) combination specified
with <b>ident</b>:
<b>status=0</b>
<b>rate=</b><i>number</i>
<b><a name="recipient_rate_control">RECIPIENT RATE CONTROL</a></b>
To register a recipient request send the following request to the
<a href="anvil.8.html"><b>anvil</b>(8)</a> server:
<b>request=recipient</b>
<b>ident=</b><i>string</i>
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of recipient addresses per
unit time for the (service, client) combination specified with <b>ident</b>:
<b>status=0</b>
<b>rate=</b><i>number</i>
<b><a name="tls_session_negotiation_rate_control">TLS SESSION NEGOTIATION RATE CONTROL</a></b>
The features described in this section are available with Postfix 2.3
and later.
To register a request for a new (i.e. not cached) TLS session send the
following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
<b>request=newtls</b>
<b>ident=</b><i>string</i>
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
per unit time for the (service, client) combination specified with
<b>ident</b>:
<b>status=0</b>
<b>rate=</b><i>number</i>
To retrieve new TLS session request rate information without updating
the counter information, send:
<b>request=newtls_report</b>
<b>ident=</b><i>string</i>
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
per unit time for the (service, client) combination specified with
<b>ident</b>:
<b>status=0</b>
<b>rate=</b><i>number</i>
<b><a name="auth_rate_control">AUTH RATE CONTROL</a></b>
To register an AUTH request send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a>
server:
<b>request=auth</b>
<b>ident=</b><i>string</i>
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of auth requests per unit
time for the (service, client) combination specified with <b>ident</b>:
<b>status=0</b>
<b>rate=</b><i>number</i>
<b><a name="security">SECURITY</a></b>
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not talk to the network or to local users, and
can run chrooted at fixed low privilege.
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains an in-memory table with information about
recent clients requests. No persistent state is kept because standard
system library routines are not sufficiently robust for update-inten-
sive applications.
Although the in-memory state is kept only temporarily, this may require
a lot of memory on systems that handle connections from many remote
clients. To reduce memory usage, reduce the time unit over which state
is kept.
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Upon exit, and every <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a></b> seconds, the server logs
the maximal count and rate values measured, together with (service,
client) information and the time of day associated with those events.
In order to avoid unnecessary overhead, no measurements are done for
activity that isn't concurrency limited or rate limited.
<b><a name="bugs">BUGS</a></b>
Systems behind network address translating routers or proxies appear to
have the same client address and can run into connection count and/or
rate limits falsely.
In this preliminary implementation, a count (or rate) limited server
process can have only one remote client at a time. If a server process
reports multiple simultaneous clients, state is kept only for the last
reported client.
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client request information
after it expires. To prevent the <a href="anvil.8.html"><b>anvil</b>(8)</a> server from discarding
client request rate information too early or too late, a rate limited
service should always register connect/disconnect events even when it
does not explicitly limit them.
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
On low-traffic mail systems, changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automati-
cally as <a href="anvil.8.html"><b>anvil</b>(8)</a> processes run for only a limited amount of time. On
other mail systems, use the command "<b>postfix reload</b>" to speed up a
change.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b><a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (60s)</b>
The time unit over which client connection rates and other rates
are calculated.
<b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a> (600s)</b>
How frequently the <a href="anvil.8.html"><b>anvil</b>(8)</a> connection and rate limiting server
logs peak usage information.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a Postfix daemon
process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix 3.3 and later:
<b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
<b><a name="see_also">SEE ALSO</a></b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<b><a name="readme_files">README FILES</a></b>
<a href="TUNING_README.html">TUNING_README</a>, performance tuning
<b><a name="license">LICENSE</a></b>
The Secure Mailer license must be distributed with this software.
<b><a name="history">HISTORY</a></b>
The anvil service is available in Postfix 2.2 and later.
<b>AUTHOR(S)</b>
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA
ANVIL(8)
</pre> </body> </html>
View git blame Copy permalink