Saturday, 14 November 2020

anvil - Unix, Linux Command

LPI Study Material, LPI Exam Prep, LPI Tutorial and Material, LPI Certification, LPI Guides

NAME

anvil - Postfix session count and request rate control

SYNOPSIS

anvil [generic Postfix daemon options]

DESCRIPTION

The Postfix anvil(8) server maintains statistics about client connection counts or client request rates. This information can be used to defend against clients that hammer a server with either too many simultaneous sessions, or with too many successive requests within a configurable time interval. This server is designed to run under control by the Postfix master(8) server.

In the following text, ident specifies a (service, client) combination. The exact syntax of that information is application-dependent; the anvil(8) server does not care.

CONNECTION COUNT/RATE CONTROL

To register a new connection send the following request to the anvil(8) server:

request=connect

ident=string

The anvil(8) server answers with the number of simultaneous connections and the number of connections per unit time for the (service, client) combination specified with ident:

status=0

count=number

rate=number

To register a disconnect event send the following request to the anvil(8) server:

request=disconnect

ident=string

The anvil(8) server replies with:

   status=0

MESSAGE RATE CONTROL

To register a message delivery request send the following request to the anvil(8) server:

request=message

ident=string

The anvil(8) server answers with the number of message delivery requests per unit time for the (service, client) combination specified with ident:

status=0

rate=number

RECIPIENT RATE CONTROL

To register a recipient request send the following request to the anvil(8) server:

request=recipient

ident=string

The anvil(8) server answers with the number of recipient addresses per unit time for the (service, client) combination specified with ident:

status=0

rate=number

TLS SESSION NEGOTIATION RATE CONTROL

LPI Study Material, LPI Exam Prep, LPI Tutorial and Material, LPI Certification, LPI Guides
The features described in this section are available with Postfix 2.3 and later.

To register a request for a new (i.e. not cached) TLS session send the following request to the anvil(8) server:

request=newtls

ident=string

The anvil(8) server answers with the number of new TLS session requests per unit time for the (service, client) combination specified with ident:

status=0

rate=number

To retrieve new TLS session request rate information without updating the counter information, send:

request=newtls_report

ident=string

The anvil(8) server answers with the number of new TLS session requests per unit time for the (service, client) combination specified with ident:

status=0

rate=number

SECURITY

The anvil(8) server does not talk to the network or to local users, and can run chrooted at fixed low privilege.

The anvil(8) server maintains an in-memory table with information about recent clients requests. No persistent state is kept because standard system library routines are not sufficiently robust for update-intensive applications.

Although the in-memory state is kept only temporarily, this may require a lot of memory on systems that handle connections from many remote clients. To reduce memory usage, reduce the time unit over which state is kept.

Related Posts

0 comments:

Post a Comment