<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - anvil(8) </title>
</head> <body> <pre>
ANVIL(8)                                                              ANVIL(8)

<b>NAME</b>
       anvil - Postfix session count and request rate control

<b>SYNOPSIS</b>
       <b>anvil</b> [generic Postfix daemon options]

<b>DESCRIPTION</b>
       The Postfix <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains statistics about client
       connection counts or client request rates. This information can be used
       to defend against clients that hammer a server with either too many
       simultaneous sessions, or with too many successive requests within a
       configurable time interval. This server is designed to run under control
       by the Postfix <a href="master.8.html"><b>master</b>(8)</a> server.

       In the following text, <b>ident</b> specifies a (service, client) combination.
       The exact syntax of that information is application-dependent; the
       <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not care.

<b>CONNECTION COUNT/RATE CONTROL</b>
       To register a new connection send the following request to the
       <a href="anvil.8.html"><b>anvil</b>(8)</a> server:

           <b>request=connect</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of simultaneous connections
       and the number of connections per unit time for the (service, client)
       combination specified with <b>ident</b>:

           <b>status=0</b>
           <b>count=</b><i>number</i>
           <b>rate=</b><i>number</i>

       To register a disconnect event send the following request to the
       <a href="anvil.8.html"><b>anvil</b>(8)</a> server:

           <b>request=disconnect</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server replies with:

           <b>status=0</b>

<b>MESSAGE RATE CONTROL</b>
       To register a message delivery request send the following request to
       the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:

           <b>request=message</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of message delivery
       requests per unit time for the (service, client) combination specified
       with <b>ident</b>:

           <b>status=0</b>
           <b>rate=</b><i>number</i>

<b>RECIPIENT RATE CONTROL</b>
       To register a recipient request send the following request to the
       <a href="anvil.8.html"><b>anvil</b>(8)</a> server:

           <b>request=recipient</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of recipient addresses per
       unit time for the (service, client) combination specified with <b>ident</b>:

           <b>status=0</b>
           <b>rate=</b><i>number</i>

<b>TLS SESSION NEGOTIATION RATE CONTROL</b>
       The features described in this section are available with Postfix 2.3
       and later.

       To register a request for a new (i.e. not cached) TLS session send the
       following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:

           <b>request=newtls</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
       per unit time for the (service, client) combination specified with
       <b>ident</b>:

           <b>status=0</b>
           <b>rate=</b><i>number</i>

       To retrieve new TLS session request rate information without updating
       the counter information, send:

           <b>request=newtls_report</b>
           <b>ident=</b><i>string</i>

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
       per unit time for the (service, client) combination specified with
       <b>ident</b>:

           <b>status=0</b>
           <b>rate=</b><i>number</i>

<b>SECURITY</b>
       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not talk to the network or to local users, and
       can run chrooted at fixed low privilege.

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains an in-memory table with information about
       recent client requests. No persistent state is kept because standard
       system library routines are not sufficiently robust for update-intensive
       applications.

       Although the in-memory state is kept only temporarily, this may require
       a lot of memory on systems that handle connections from many remote
       clients. To reduce memory usage, reduce the time unit over which state
       is kept.

<b>DIAGNOSTICS</b>
       Problems and transactions are logged to <b>syslogd</b>(8).

       Upon exit, and every <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a></b> seconds, the server logs
       the maximal count and rate values measured, together with (service,
       client) information and the time of day associated with those events.
       In order to avoid unnecessary overhead, no measurements are done for
       activity that isn't concurrency limited or rate limited.

<b>BUGS</b>
       Systems behind network address translating routers or proxies appear to
       have the same client address and can run into connection count and/or
       rate limits falsely.

       In this preliminary implementation, a count (or rate) limited server
       process can have only one remote client at a time. If a server process
       reports multiple simultaneous clients, state is kept only for the last
       reported client.

       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client request information
       after it expires. To prevent the <a href="anvil.8.html"><b>anvil</b>(8)</a> server from discarding
       client request rate information too early or too late, a rate limited
       service should always register connect/disconnect events even when it
       does not explicitly limit them.

<b>CONFIGURATION PARAMETERS</b>
       On low-traffic mail systems, changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up
       automatically as <a href="anvil.8.html"><b>anvil</b>(8)</a> processes run for only a limited amount of
       time. On other mail systems, use the command "<b>postfix reload</b>" to speed
       up a change.

       The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
       more details including examples.

       <b><a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (60s)</b>
              The time unit over which client connection rates and other rates
              are calculated.

       <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a> (600s)</b>
              How frequently the <a href="anvil.8.html"><b>anvil</b>(8)</a> connection and rate limiting server
              logs peak usage information.

       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
              The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>
              configuration files.

       <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
              How much time a Postfix daemon process may take to handle a
              request before it is terminated by a built-in watchdog timer.

       <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
              The time limit for sending or receiving information over an
              internal communication channel.

       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
              The maximum amount of time that an idle Postfix daemon process
              waits for an incoming connection before terminating voluntarily.

       <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
              The maximal number of incoming connections that a Postfix daemon
              process will service before terminating voluntarily.

       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
              The process ID of a Postfix command or daemon process.

       <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
              The process name of a Postfix command or daemon process.

       <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
              The syslog facility of Postfix logging.

       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
              The mail system name that is prepended to the process name in
              syslog records, so that "smtpd" becomes, for example,
              "postfix/smtpd".
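
       The request/reply exchanges documented above, together with the expiry
       rule from the BUGS section, as an added Python model that is not
       Postfix's own anvil(8) code. Idents of the form "service:client", the
       injectable clock, and the sweep rule (drop an ident with no open
       connection once its time unit has elapsed) are assumptions made here;
       the time unit mirrors the anvil_rate_time_unit default.

```python
import time

# Added example, not Postfix's own anvil code: an in-memory model of the
# attribute=value exchanges described above. Idents, the clock and the
# expiry rule are constructed; the time unit mirrors anvil_rate_time_unit.
TIME_UNIT = 60

class AnvilTable:
    """Per-ident simultaneous-connection count and per-time-unit rates."""
    def __init__(self, time_unit=TIME_UNIT, clock=time.monotonic):
        self.time_unit = time_unit
        self.clock = clock
        self.table = {}  # ident -> dict(count, start, conn, msg, rcpt, tls)

    def _entry(self, ident):
        now = self.clock()
        ent = self.table.get(ident)
        if ent is None or now - ent["start"] >= self.time_unit:
            # New ident, or a new time unit: rates restart, count carries over.
            count = ent["count"] if ent else 0
            ent = {"count": count, "start": now, "conn": 0, "msg": 0, "rcpt": 0, "tls": 0}
            self.table[ident] = ent
        return ent

    def request(self, text):
        """Handle one attribute=value request block; return the reply block."""
        attrs = dict(line.split("=", 1) for line in text.strip().splitlines())
        req, ident = attrs["request"], attrs["ident"]
        ent = self._entry(ident)
        if req == "connect":
            ent["count"] += 1
            ent["conn"] += 1
            return f"status=0\ncount={ent['count']}\nrate={ent['conn']}\n"
        if req == "disconnect":
            ent["count"] = max(0, ent["count"] - 1)
            return "status=0\n"
        if req in ("message", "recipient", "newtls"):
            key = {"message": "msg", "recipient": "rcpt", "newtls": "tls"}[req]
            ent[key] += 1
            return f"status=0\nrate={ent[key]}\n"
        if req == "newtls_report":  # report only: the counter is not updated
            return f"status=0\nrate={ent['tls']}\n"
        raise ValueError(f"unknown request {req!r}")

    def sweep(self):  # drop idents with no open connection and an elapsed time unit
        now = self.clock()
        for ident in [i for i, e in self.table.items()
                      if e["count"] == 0 and now - e["start"] >= self.time_unit]:
            del self.table[ident]
        return len(self.table)
```

       A service that never sends disconnect events leaves count above zero,
       so sweep() keeps its ident indefinitely, which is the early/late expiry
       problem the BUGS section warns about.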

<b>SEE ALSO</b>
       <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
       <a href="postconf.5.html">postconf(5)</a>, configuration parameters
       <a href="master.5.html">master(5)</a>, generic daemon options

<b>README FILES</b>
       <a href="TUNING_README.html">TUNING_README</a>, performance tuning

<b>LICENSE</b>
       The Secure Mailer license must be distributed with this software.

<b>HISTORY</b>
       The anvil service is available in Postfix 2.2 and later.

<b>AUTHOR(S)</b>
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                      ANVIL(8)
</pre> </body> </html>