By joesciallo on Feb 05, 2007
In the current version of Messaging Server 6.x (and for that matter, 5.x), to limit email coming to the Messaging Server MTA from a particular sending host (IP address), you use the shared library conn_throttle.so in the Port Access mapping table. Limiting connections from particular IP addresses can be useful for preventing the excessive connections used in denial-of-service attacks. This technique is also referred to as "throttling" a host (or IP address).
Messaging Server 6.3 will extend this ability with MeterMaid. MeterMaid enables throttling by determining when an IP address has recently connected too often and should be turned away for a while. MeterMaid represents the officer patrolling the streets, looking for those who have exceeded their allotted amount. It is a repository process that supplants conn_throttle.so, providing similar functionality but extending it across the Messaging Server product. In addition, MeterMaid is more configurable than conn_throttle.so. Of note: No further enhancements will be made to conn_throttle.so going forward.
The primary improvement in MeterMaid is that it is a single repository of throttling information that can be accessed by all systems and processes within the Messaging Server environment. It continues to maintain an in-memory database to store this data to maximize performance. Restarting MeterMaid loses all information previously stored, but since the data is typically very short-lived, the cost of such a restart (done infrequently) is very low.
MeterMaid is accessed from the MTA through a mapping table callout using check_metermaid.so. It can be called from any of the _ACCESS tables. When called from the PORT_ACCESS table, it can be used to check limits based on the IP address of the connection, which will be the most common way to implement MeterMaid as a replacement for the older conn_throttle.so. If called from other _ACCESS tables, MeterMaid can also be used to establish limits on other data, such as the envelope from or envelope to addresses, as well as on IP addresses.
Only one entry point in check_metermaid.so is defined. The throttle routine contacts MeterMaid, providing two subsequent arguments separated by commas. The first is the name of the table against which the data will be checked, and the second is the data to be checked. If the result from the probe is that the particular data being checked has exceeded its quota in that table, check_metermaid.so returns "success" so that the mapping engine will continue processing this entry. The remainder of the entry would then be used to handle this connection that has exceeded its quota.
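The throttle check described above, modeled as an added Python example (not Messaging Server code and not from the original post). The class and function names, the table name ext_throttle, the quota of 3 connections per 60 seconds and the fixed-window counting are assumptions made for illustration, and the sample connections are constructed.

```python
import time


class MeterTable:
    """One named table: counts hits per key inside a fixed time window (assumed policy)."""

    def __init__(self, quota, window_seconds):
        self.quota = quota
        self.window = window_seconds
        self.entries = {}  # key -> (window_start, count); memory only

    def exceeded(self, key, now):
        start, count = self.entries.get(key, (now, 0))
        if now - start >= self.window:  # window expired: start a fresh one
            start, count = now, 0
        count += 1
        self.entries[key] = (start, count)
        return count > self.quota


class MeterStore:
    """Single in-memory repository shared by every caller; a restart empties it."""

    def __init__(self):
        self.tables = {}

    def add_table(self, name, quota, window_seconds):
        self.tables[name] = MeterTable(quota, window_seconds)

    def throttle(self, table, data, now=None):
        """Return True ("success") when data is over its quota in the named table."""
        now = time.monotonic() if now is None else now
        return self.tables[table].exceeded(data, now)


def port_access_decision(store, table, source_ip, now=None):
    """Mimic the mapping entry: on success the rest of the entry handles the over-quota host."""
    return "turned_away" if store.throttle(table, source_ip, now) else "allowed"


def demo():
    store = MeterStore()
    store.add_table("ext_throttle", quota=3, window_seconds=60)  # hypothetical limits
    # Constructed sample connections: (seconds since start, source IP)
    events = [(0, "192.0.2.10"), (5, "192.0.2.10"), (10, "198.51.100.7"),
              (15, "192.0.2.10"), (20, "192.0.2.10"), (70, "192.0.2.10")]
    return [port_access_decision(store, "ext_throttle", ip, t) for t, ip in events]


if __name__ == "__main__":
    print(demo())
```

Because the counters live only in memory, constructing a new MeterStore (the model's equivalent of a restart) forgets every host's count, which matches the low restart cost described earlier.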
Again, your definitive source of information on MeterMaid, once 6.3 is out, will be Chapter 19 in the Messaging Server 6.3 Administration Guide.