summaryrefslogtreecommitdiffstats
path: root/html/anvil.8.html
diff options
context:
space:
mode:
Diffstat (limited to 'html/anvil.8.html')
-rw-r--r--html/anvil.8.html242
1 files changed, 242 insertions, 0 deletions
diff --git a/html/anvil.8.html b/html/anvil.8.html
new file mode 100644
index 0000000..2acb09a
--- /dev/null
+++ b/html/anvil.8.html
@@ -0,0 +1,242 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title> Postfix manual - anvil(8) </title>
+</head> <body> <pre>
+ANVIL(8) ANVIL(8)
+
+<b>NAME</b>
+ anvil - Postfix session count and request rate control
+
+<b>SYNOPSIS</b>
+ <b>anvil</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains statistics about client connec-
+ tion counts or client request rates. This information can be used to
+ defend against clients that hammer a server with either too many simul-
+ taneous sessions, or with too many successive requests within a config-
+ urable time interval. This server is designed to run under control by
+ the Postfix <a href="master.8.html"><b>master</b>(8)</a> server.
+
+ In the following text, <b>ident</b> specifies a (service, client) combination.
+ The exact syntax of that information is application-dependent; the
+ <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not care.
+
+<b>CONNECTION COUNT/RATE CONTROL</b>
+ To register a new connection send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a>
+ server:
+
+ <b>request=connect</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of simultaneous connections
+ and the number of connections per unit time for the (service, client)
+ combination specified with <b>ident</b>:
+
+ <b>status=0</b>
+ <b>count=</b><i>number</i>
+ <b>rate=</b><i>number</i>
+
+ To register a disconnect event send the following request to the
+ <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+
+ <b>request=disconnect</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server replies with:
+
+ <b>status=0</b>
+
+<b>MESSAGE RATE CONTROL</b>
+ To register a message delivery request send the following request to
+ the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+
+ <b>request=message</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of message delivery
+ requests per unit time for the (service, client) combination specified
+ with <b>ident</b>:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+<b>RECIPIENT RATE CONTROL</b>
+ To register a recipient request send the following request to the
+ <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+
+ <b>request=recipient</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of recipient addresses per
+ unit time for the (service, client) combination specified with <b>ident</b>:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+<b>TLS SESSION NEGOTIATION RATE CONTROL</b>
+ The features described in this section are available with Postfix 2.3
+ and later.
+
+ To register a request for a new (i.e. not cached) TLS session send the
+ following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+
+ <b>request=newtls</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
+ per unit time for the (service, client) combination specified with
+ <b>ident</b>:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+ To retrieve new TLS session request rate information without updating
+ the counter information, send:
+
+ <b>request=newtls_report</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
+ per unit time for the (service, client) combination specified with
+ <b>ident</b>:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+<b>AUTH RATE CONTROL</b>
+ To register an AUTH request send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a>
+ server:
+
+ <b>request=auth</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of auth requests per unit
+ time for the (service, client) combination specified with <b>ident</b>:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+<b>SECURITY</b>
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not talk to the network or to local users, and
+ can run chrooted at fixed low privilege.
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains an in-memory table with information about
+ recent clients requests. No persistent state is kept because standard
+ system library routines are not sufficiently robust for update-inten-
+ sive applications.
+
+ Although the in-memory state is kept only temporarily, this may require
+ a lot of memory on systems that handle connections from many remote
+ clients. To reduce memory usage, reduce the time unit over which state
+ is kept.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+ Upon exit, and every <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a></b> seconds, the server logs
+ the maximal count and rate values measured, together with (service,
+ client) information and the time of day associated with those events.
+ In order to avoid unnecessary overhead, no measurements are done for
+ activity that isn't concurrency limited or rate limited.
+
+<b>BUGS</b>
+ Systems behind network address translating routers or proxies appear to
+ have the same client address and can run into connection count and/or
+ rate limits falsely.
+
+ In this preliminary implementation, a count (or rate) limited server
+ process can have only one remote client at a time. If a server process
+ reports multiple simultaneous clients, state is kept only for the last
+ reported client.
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client request information
+ after it expires. To prevent the <a href="anvil.8.html"><b>anvil</b>(8)</a> server from discarding
+ client request rate information too early or too late, a rate limited
+ service should always register connect/disconnect events even when it
+ does not explicitly limit them.
+
+<b>CONFIGURATION PARAMETERS</b>
+ On low-traffic mail systems, changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automati-
+ cally as <a href="anvil.8.html"><b>anvil</b>(8)</a> processes run for only a limited amount of time. On
+ other mail systems, use the command "<b>postfix reload</b>" to speed up a
+ change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (60s)</b>
+ The time unit over which client connection rates and other rates
+ are calculated.
+
+ <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a> (600s)</b>
+ How frequently the <a href="anvil.8.html"><b>anvil</b>(8)</a> connection and rate limiting server
+ logs peak usage information.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+
+<b>README FILES</b>
+ <a href="TUNING_README.html">TUNING_README</a>, performance tuning
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ The anvil service is available in Postfix 2.2 and later.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ ANVIL(8)
+</pre> </body> </html>