1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 5<link rel='stylesheet' type='text/css' href='postfix-doc.css'> 6<title> Postfix manual - anvil(8) </title> 7</head> <body> <pre> 8ANVIL(8) ANVIL(8) 9 10<b>NAME</b> 11 anvil - Postfix session count and request rate control 12 13<b>SYNOPSIS</b> 14 <b>anvil</b> [generic Postfix daemon options] 15 16<b>DESCRIPTION</b> 17 The Postfix <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains statistics about client connec- 18 tion counts or client request rates. This information can be used to 19 defend against clients that hammer a server with either too many simul- 20 taneous sessions, or with too many successive requests within a config- 21 urable time interval. This server is designed to run under control by 22 the Postfix <a href="master.8.html"><b>master</b>(8)</a> server. 23 24 In the following text, <b>ident</b> specifies a (service, client) combination. 25 The exact syntax of that information is application-dependent; the 26 <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not care. 27 28<b>CONNECTION COUNT/RATE CONTROL</b> 29 To register a new connection send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> 30 server: 31 32 <b>request=connect</b> 33 <b>ident=</b><i>string</i> 34 35 The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of simultaneous connections 36 and the number of connections per unit time for the (service, client) 37 combination specified with <b>ident</b>: 38 39 <b>status=0</b> 40 <b>count=</b><i>number</i> 41 <b>rate=</b><i>number</i> 42 43 To register a disconnect event send the following request to the 44 <a href="anvil.8.html"><b>anvil</b>(8)</a> server: 45 46 <b>request=disconnect</b> 47 <b>ident=</b><i>string</i> 48 49 The <a href="anvil.8.html"><b>anvil</b>(8)</a> server replies with: 50 51 <b>status=0</b> 52 53<b>MESSAGE RATE CONTROL</b> 54 To register a message delivery request send the following request to 55 the <a href="anvil.8.html"><b>anvil</b>(8)</a> server: 56 57 <b>request=message</b> 58 <b>ident=</b><i>string</i> 59 60 The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of message delivery 61 requests per unit time for the (service, client) combination specified 62 with <b>ident</b>: 63 64 <b>status=0</b> 65 <b>rate=</b><i>number</i> 66 67<b>RECIPIENT RATE CONTROL</b> 68 To register a recipient request send the following request to the 69 <a href="anvil.8.html"><b>anvil</b>(8)</a> server: 70 71 <b>request=recipient</b> 72 <b>ident=</b><i>string</i> 73 74 The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of recipient addresses per 75 unit time for the (service, client) combination specified with <b>ident</b>: 76 77 <b>status=0</b> 78 <b>rate=</b><i>number</i> 79 80<b>TLS SESSION NEGOTIATION RATE CONTROL</b> 81 The features described in this section are available with Postfix 2.3 82 and later. 83 84 To register a request for a new (i.e. not cached) TLS session send the 85 following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server: 86 87 <b>request=newtls</b> 88 <b>ident=</b><i>string</i> 89 90 The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests 91 per unit time for the (service, client) combination specified with 92 <b>ident</b>: 93 94 <b>status=0</b> 95 <b>rate=</b><i>number</i> 96 97 To retrieve new TLS session request rate information without updating 98 the counter information, send: 99 100 <b>request=newtls_report</b> 101 <b>ident=</b><i>string</i> 102 103 The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests 104 per unit time for the (service, client) combination specified with 105 <b>ident</b>: 106 107 <b>status=0</b> 108 <b>rate=</b><i>number</i> 109 110<b>AUTH RATE CONTROL</b> 111 To register an AUTH request send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> 112 server: 113 114 <b>request=auth</b> 115 <b>ident=</b><i>string</i> 116 117 The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of auth requests per unit 118 time for the (service, client) combination specified with <b>ident</b>: 119 120 <b>status=0</b> 121 <b>rate=</b><i>number</i> 122 123<b>SECURITY</b> 124 The <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not talk to the network or to local users, and 125 can run chrooted at fixed low privilege. 126 127 The <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains an in-memory table with information about 128 recent clients requests. No persistent state is kept because standard 129 system library routines are not sufficiently robust for update-inten- 130 sive applications. 131 132 Although the in-memory state is kept only temporarily, this may require 133 a lot of memory on systems that handle connections from many remote 134 clients. To reduce memory usage, reduce the time unit over which state 135 is kept. 136 137<b>DIAGNOSTICS</b> 138 Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. 139 140 Upon exit, and every <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a></b> seconds, the server logs 141 the maximal count and rate values measured, together with (service, 142 client) information and the time of day associated with those events. 143 In order to avoid unnecessary overhead, no measurements are done for 144 activity that isn't concurrency limited or rate limited. 145 146<b>BUGS</b> 147 Systems behind network address translating routers or proxies appear to 148 have the same client address and can run into connection count and/or 149 rate limits falsely. 150 151 In this preliminary implementation, a count (or rate) limited server 152 process can have only one remote client at a time. If a server process 153 reports multiple simultaneous clients, state is kept only for the last 154 reported client. 155 156 The <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client request information 157 after it expires. To prevent the <a href="anvil.8.html"><b>anvil</b>(8)</a> server from discarding 158 client request rate information too early or too late, a rate limited 159 service should always register connect/disconnect events even when it 160 does not explicitly limit them. 161 162<b>CONFIGURATION PARAMETERS</b> 163 On low-traffic mail systems, changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automati- 164 cally as <a href="anvil.8.html"><b>anvil</b>(8)</a> processes run for only a limited amount of time. On 165 other mail systems, use the command "<b>postfix reload</b>" to speed up a 166 change. 167 168 The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for 169 more details including examples. 170 171 <b><a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (60s)</b> 172 The time unit over which client connection rates and other rates 173 are calculated. 174 175 <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a> (600s)</b> 176 How frequently the <a href="anvil.8.html"><b>anvil</b>(8)</a> connection and rate limiting server 177 logs peak usage information. 178 179 <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> 180 The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con- 181 figuration files. 182 183 <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> 184 How much time a Postfix daemon process may take to handle a 185 request before it is terminated by a built-in watchdog timer. 186 187 <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> 188 The time limit for sending or receiving information over an 189 internal communication channel. 190 191 <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> 192 The maximum amount of time that an idle Postfix daemon process 193 waits for an incoming connection before terminating voluntarily. 194 195 <b><a href="postconf.5.html#max_use">max_use</a> (100)</b> 196 The maximal number of incoming connections that a Postfix daemon 197 process will service before terminating voluntarily. 198 199 <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> 200 The process ID of a Postfix command or daemon process. 201 202 <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> 203 The process name of a Postfix command or daemon process. 204 205 <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> 206 The syslog facility of Postfix logging. 207 208 <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b> 209 A prefix that is prepended to the process name in syslog 210 records, so that, for example, "smtpd" becomes "prefix/smtpd". 211 212 Available in Postfix 3.3 and later: 213 214 <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b> 215 The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process. 216 217<b>SEE ALSO</b> 218 <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server 219 <a href="postconf.5.html">postconf(5)</a>, configuration parameters 220 <a href="master.5.html">master(5)</a>, generic daemon options 221 222<b>README FILES</b> 223 <a href="TUNING_README.html">TUNING_README</a>, performance tuning 224 225<b>LICENSE</b> 226 The Secure Mailer license must be distributed with this software. 227 228<b>HISTORY</b> 229 The anvil service is available in Postfix 2.2 and later. 230 231<b>AUTHOR(S)</b> 232 Wietse Venema 233 IBM T.J. Watson Research 234 P.O. Box 704 235 Yorktown Heights, NY 10598, USA 236 237 Wietse Venema 238 Google, Inc. 239 111 8th Avenue 240 New York, NY 10011, USA 241 242 ANVIL(8) 243</pre> </body> </html> 244