<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - anvil(8) </title>
</head> <body> <pre>
ANVIL(8)                                                              ANVIL(8)

<b>NAME</b>
       anvil - Postfix session count and request rate control

<b>SYNOPSIS</b>
       <b>anvil</b> [generic Postfix daemon options]

<b>DESCRIPTION</b>
       The Postfix <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains statistics about client
       connection counts or client request rates. This information can be used
       to defend against clients that hammer a server with either too many
       simultaneous sessions, or with too many successive requests within a
       configurable time interval. This server is designed to run under control
       by the Postfix <a href="master.8.html"><b>master</b>(8)</a> server.

       In the following text, <b>ident</b> specifies a (service, client) combination.
       The exact syntax of that information is application-dependent; the
       <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not care.

<b>CONNECTION COUNT/RATE CONTROL</b>
       To register a new connection send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a>
       server:

           <b>request=connect</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of simultaneous connections
       and the number of connections per unit time for the (service, client)
       combination specified with <b>ident</b>:

           <b>status=0</b>
           <b>count=</b><i>number</i>
           <b>rate=</b><i>number</i>

       To register a disconnect event send the following request to the
       <a href="anvil.8.html"><b>anvil</b>(8)</a> server:

           <b>request=disconnect</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server replies with:

           <b>status=0</b>

<b>MESSAGE RATE CONTROL</b>
       To register a message delivery request send the following request to
       the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:

           <b>request=message</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of message delivery
       requests per unit time for the (service, client) combination specified
       with <b>ident</b>:

           <b>status=0</b>
           <b>rate=</b><i>number</i>

<b>RECIPIENT RATE CONTROL</b>
       To register a recipient request send the following request to the
       <a href="anvil.8.html"><b>anvil</b>(8)</a> server:

           <b>request=recipient</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of recipient addresses per
       unit time for the (service, client) combination specified with <b>ident</b>:

           <b>status=0</b>
           <b>rate=</b><i>number</i>

<b>TLS SESSION NEGOTIATION RATE CONTROL</b>
       The features described in this section are available with Postfix 2.3
       and later.

       To register a request for a new (i.e.
       not cached) TLS session send the
       following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:

           <b>request=newtls</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
       per unit time for the (service, client) combination specified with
       <b>ident</b>:

           <b>status=0</b>
           <b>rate=</b><i>number</i>

       To retrieve new TLS session request rate information without updating
       the counter information, send:

           <b>request=newtls_report</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
       per unit time for the (service, client) combination specified with
       <b>ident</b>:

           <b>status=0</b>
           <b>rate=</b><i>number</i>

<b>AUTH RATE CONTROL</b>
       To register an AUTH request send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a>
       server:

           <b>request=auth</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of auth requests per unit
       time for the (service, client) combination specified with <b>ident</b>:

           <b>status=0</b>
           <b>rate=</b><i>number</i>

<b>SECURITY</b>
       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not talk to the network or to local users, and
       can run chrooted at fixed low privilege.

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains an in-memory table with information about
       recent client requests. No persistent state is kept because standard
       system library routines are not sufficiently robust for update-intensive
       applications.

       Although the in-memory state is kept only temporarily, this may require
       a lot of memory on systems that handle connections from many remote
       clients.
       To reduce memory usage, reduce the time unit over which state
       is kept.

<b>DIAGNOSTICS</b>
       Problems and transactions are logged to <b>syslogd</b>(8).

       Upon exit, and every <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a></b> seconds, the server logs
       the maximal count and rate values measured, together with (service,
       client) information and the time of day associated with those events.
       In order to avoid unnecessary overhead, no measurements are done for
       activity that isn't concurrency limited or rate limited.

<b>BUGS</b>
       Systems behind network address translating routers or proxies appear to
       have the same client address and can run into connection count and/or
       rate limits falsely.

       In this preliminary implementation, a count (or rate) limited server
       process can have only one remote client at a time. If a server process
       reports multiple simultaneous clients, state is kept only for the last
       reported client.

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client request information
       after it expires. To prevent the <a href="anvil.8.html"><b>anvil</b>(8)</a> server from discarding
       client request rate information too early or too late, a rate limited
       service should always register connect/disconnect events even when it
       does not explicitly limit them.

<b>CONFIGURATION PARAMETERS</b>
       On low-traffic mail systems, changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up
       automatically as <a href="anvil.8.html"><b>anvil</b>(8)</a> processes run for only a limited amount of
       time. On other mail systems, use the command "<b>postfix reload</b>" to speed
       up a change.

       The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
       more details including examples.
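       The Python model below is an added example for this page; it is not
       Postfix code and not part of the original manual. It models the
       accounting the CONNECTION COUNT/RATE CONTROL through AUTH RATE CONTROL
       sections describe (a per-ident session count, per-ident event rates
       over one anvil_rate_time_unit, a newtls_report lookup that leaves the
       counters untouched), the expiry of idle state that the BUGS section
       warns about, and the peak values the DIAGNOSTICS section says are
       logged. Requests and replies are plain dicts: the daemon's real wire
       encoding is not modelled, and the fixed-window restart rule, the
       disconnect-driven expiry rule and the ident strings used as input are
       this example's assumptions, not facts taken from the page.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Requests that carry a per-ident rate counter (the names used on this page).
RATE_EVENTS = ("connect", "message", "recipient", "newtls", "auth")


@dataclass
class Entry:
    start: float                          # start of the current rate window
    count: int = 0                        # open sessions: connects minus disconnects
    rates: Dict[str, int] = field(default_factory=dict)  # event -> hits in window
    expire_at: Optional[float] = None     # set when the last session disconnects


class Anvil:
    """In-memory (service, client) table; 'now' is passed in so runs are repeatable."""

    def __init__(self, rate_time_unit: float = 60.0):
        self.unit = rate_time_unit                       # anvil_rate_time_unit
        self.table: Dict[str, Entry] = {}
        self.peaks: Dict[str, Tuple[int, str, float]] = {}  # metric -> (value, ident, when)

    def _entry(self, ident: str, now: float) -> Entry:
        e = self.table.get(ident)
        if e is None:
            e = self.table[ident] = Entry(start=now)
        elif now >= e.start + self.unit:                 # assumption: fixed window,
            e.start, e.rates = now, {}                   # restarted once it lapses
        return e

    def _peak(self, metric: str, value: int, ident: str, now: float) -> None:
        if metric not in self.peaks or value > self.peaks[metric][0]:
            self.peaks[metric] = (value, ident, now)

    def _bump(self, e: Entry, event: str, ident: str, now: float) -> int:
        e.rates[event] = e.rates.get(event, 0) + 1
        self._peak(event + "_rate", e.rates[event], ident, now)
        return e.rates[event]

    def request(self, req: Dict[str, str], now: float) -> Dict[str, int]:
        kind, ident = req["request"], req["ident"]
        if kind == "connect":
            e = self._entry(ident, now)
            e.count += 1
            e.expire_at = None                           # a live session pins the state
            self._peak("count", e.count, ident, now)
            return {"status": 0, "count": e.count,
                    "rate": self._bump(e, "connect", ident, now)}
        if kind == "disconnect":
            e = self.table.get(ident)
            if e is not None and e.count > 0:
                e.count -= 1
                if e.count == 0:                         # assumption: expiry is only
                    e.expire_at = now + self.unit        # scheduled by a disconnect
            return {"status": 0}
        if kind == "newtls_report":                      # read-only: counters untouched
            e = self.table.get(ident)
            stale = e is None or now >= e.start + self.unit
            return {"status": 0, "rate": 0 if stale else e.rates.get("newtls", 0)}
        if kind in RATE_EVENTS:
            return {"status": 0, "rate": self._bump(self._entry(ident, now), kind, ident, now)}
        return {"status": 1}                             # unknown request

    def expire(self, now: float) -> int:
        """Discard state whose expiry time has passed; returns how many idents went."""
        dead = [i for i, e in self.table.items() if e.expire_at is not None and now >= e.expire_at]
        for i in dead:
            del self.table[i]
        return len(dead)

    def status_report(self) -> Dict[str, Tuple[int, str, float]]:
        """The peaks anvil(8) would log every anvil_status_update_time seconds."""
        return dict(self.peaks)


def demo() -> dict:
    """Constructed scenario; the idents are made up for this example."""
    a = Anvil(rate_time_unit=60)
    c = "smtp:203.0.113.7"
    r1 = a.request({"request": "connect", "ident": c}, now=0)
    r2 = a.request({"request": "connect", "ident": c}, now=5)
    for t in (6, 7):
        a.request({"request": "recipient", "ident": c}, now=t)
    r3 = a.request({"request": "recipient", "ident": c}, now=8)
    for t in (9, 10):
        a.request({"request": "disconnect", "ident": c}, now=t)
    r4 = a.request({"request": "connect", "ident": c}, now=70)   # new window: rates restart
    a.request({"request": "disconnect", "ident": c}, now=71)
    # A service that only reports messages and never connect/disconnect:
    a.request({"request": "message", "ident": "smtp:198.51.100.9"}, now=71)
    expired = a.expire(now=200)
    return {"r1": r1, "r2": r2, "r3": r3, "r4": r4, "expired": expired,
            "leftover": sorted(a.table), "peaks": a.status_report()}


if __name__ == "__main__":
    print(demo())
```

       Running the module prints the result of demo(). The ident that only
       ever sent message requests is still in the table after expire() has
       run: under this model's rules nothing ever schedules its state for
       removal, which is the "too late" case the BUGS section warns about
       and the reason a rate limited service should bracket its work with
       connect/disconnect events even when it does not limit them.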

       <b><a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (60s)</b>
              The time unit over which client connection rates and other rates
              are calculated.

       <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a> (600s)</b>
              How frequently the <a href="anvil.8.html"><b>anvil</b>(8)</a> connection and rate limiting server
              logs peak usage information.

       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
              The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>
              configuration files.

       <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
              How much time a Postfix daemon process may take to handle a
              request before it is terminated by a built-in watchdog timer.

       <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
              The time limit for sending or receiving information over an
              internal communication channel.

       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
              The maximum amount of time that an idle Postfix daemon process
              waits for an incoming connection before terminating voluntarily.

       <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
              The maximal number of incoming connections that a Postfix daemon
              process will service before terminating voluntarily.

       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
              The process ID of a Postfix command or daemon process.

       <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
              The process name of a Postfix command or daemon process.

       <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
              The syslog facility of Postfix logging.

       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
              The mail system name that is prepended to the process name in
              syslog records, so that "smtpd" becomes, for example,
              "postfix/smtpd".

<b>SEE ALSO</b>
       <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
       <a href="postconf.5.html">postconf(5)</a>, configuration parameters
       <a href="master.5.html">master(5)</a>, generic daemon options

<b>README FILES</b>
       <a href="TUNING_README.html">TUNING_README</a>, performance tuning

<b>LICENSE</b>
       The Secure Mailer license must be distributed with this software.

<b>HISTORY</b>
       The anvil service is available in Postfix 2.2 and later.

<b>AUTHOR(S)</b>
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       Wietse Venema
       Google, Inc.
       111 8th Avenue
       New York, NY 10011, USA

                                                                      ANVIL(8)
</pre> </body> </html>