Monday, April 30, 2012
New Blog Location
We noticed that this blog is still averaging 20 visitors a day. For the latest on MailChannels, email security trends, and our outbound spam filtering software, please visit our new blog!
Thursday, November 6, 2008
Friday, October 3, 2008
The Architecture Of Traffic Control 3.1
This is a response to a question to a question we recently received.
The architecture of the latest version of Traffic Control uses several processes. One process for management, one for logging and then several (default of 3) child processes that are single threaded processes. We have found this single threaded architecture is the most efficient way to handle large volumes of connections. Using mulitple child processes allows us to spread the work across several processors or cores and also allows us to continue processing and renewing processes if any problem were to occur. Also, this allows us to use very few persistent connections to your email server.
We do everything inline. We do recipient validation with your email server, and when we have fully accepted the email and it has passed all our tests it is passed to your email server. We then proxy back the response from the email server to the connecting client. Once again, this is done inline. This is very efficient since the load on the email server is usually vastly reduced due to the number of connections that are removed by our throttling and RBL checks.
Your traffic control looks like a very interesting approach, but there are
a couple of questions I have that your online documentation didn't seem to
answer:
1. One problem I have is that I'm using Apple XServes running OSX 10.5,
which has a hard coded limit of 2500 processes per server. I'm running Exim
which launches one process per email delivery. Does Traffic Control do the
same? If not (eg, it might use a thread per incoming mail connection), then
it could be very useful.
The architecture of the latest version of Traffic Control uses several processes. One process for management, one for logging and then several (default of 3) child processes that are single threaded processes. We have found this single threaded architecture is the most efficient way to handle large volumes of connections. Using mulitple child processes allows us to spread the work across several processors or cores and also allows us to continue processing and renewing processes if any problem were to occur. Also, this allows us to use very few persistent connections to your email server.
2. Does traffic control act as a pass-through SMTP proxy, or does it accept
email, then relay it. This makes a big difference to my rejection policy. I
like to reject at SMTP time, instead of accepting then possibly bouncing
email.
We do everything inline. We do recipient validation with your email server, and when we have fully accepted the email and it has passed all our tests it is passed to your email server. We then proxy back the response from the email server to the connecting client. Once again, this is done inline. This is very efficient since the load on the email server is usually vastly reduced due to the number of connections that are removed by our throttling and RBL checks.
Friday, September 26, 2008
Using syslog with Traffic Control
The file you need to edit is /opt/TrafficControl/conf/log.conf
If you want to direct the Traffic Control log into syslog as well then you can change
to
You can also append ", Syslog" onto the end of the other logs if you wish.
Once the file is edited you can call reload-proxy.sh
If you want to direct the Traffic Control log into syslog as well then you can change
log4perl.logger.traffic_logger = INFO, TrafficLogfile
to
log4perl.logger.traffic_logger = INFO, TrafficLogfile, Syslog
You can also append ", Syslog" onto the end of the other logs if you wish.
log4perl.logger.error_logger = ERROR, ErrorLogfile
log4perl.logger.debug_logger = FATAL, DebugLogfile
Once the file is edited you can call reload-proxy.sh
sudo /opt/TrafficControl/scripts/reload-proxy.sh
Tuesday, July 22, 2008
Installing MailChannels Traffic Control In 90 Seconds!
My previous installation video for MailChannels Traffic Control was 6 minutes long (long!). It actually only takes about 90 seconds to install Traffic Control on your server, so I recorded this video to show that and also save time for those sysadmins that only have 90 seconds and not 6 minutes.
Please visit mailchannels.com/download to freely download Traffic Control
Please visit mailchannels.com/download to freely download Traffic Control
Wednesday, July 16, 2008
You've read the Anvil(8) man page - is this as good as it gets for spam DDoS protection?
MailChannels Traffic Control provides innovative email traffic shaping solutions for organizations of all sizes, enabling customers to simultaneously solve their spam problems and reduce their email infrastructure costs. On this page, you'll learn how Traffic Control compares with Postfix Anvil, and why you should consider Traffic Control if you are already using or considering using Anvil.
Anvil is a light-weight connection rate control mechanism for Postfix, which allows you set limits on how hard someone can hammer your Postfix server. Anvil was created in response to the dramatic up-tick in spam that started happening several years ago, as a way to protect Postfix installations from high connection concurrency and resource exhaustion. It is commonly recommended as the preferred solution to loading issues relating to spam. Anvil is essentially a side-car process that communicates with Postfix to maintain various counters relating to the hosts connected to your Postfix server. Postfix queries anvil to update and retrieve these counters, and take appropriate action to limit the damage from abusive hosts.
Traffic Control is a highly scalable SMTP proxy server that seamlessly integrates with Postfix. It increases connection capacity so that thousands of concurrent connections can be efficiently prioritized with negligible system load. Legitimate connections are processed right away, known spam is rejected, and suspicious connections are slowed down causing the vast majority of spammers to give up before completing message delivery.
Traffic Control integrates seamlessly with Postfix using the XCLIENT command (see www.postfix.org/XCLIENT_README.html), front-ending SMTP connections, and applying TCP traffic shaping to suspicious connections before passing on legitimate email to Postfix. Traffic Control is implemented using a very efficient libevent-based asynchronous IO layer, which enables handling up to 25,000 concurrent SMTP sessions with low overhead.
Our Traffic Control blog is an excellent source of commentary on Traffic Control, and the Traffic Control manual explains how it works in much more detail. Of course, you can always download Traffic Control and try it yourself. Or shoot us an email by filling in our inquiry form.
What is Anvil?
Anvil is a light-weight connection rate control mechanism for Postfix, which allows you set limits on how hard someone can hammer your Postfix server. Anvil was created in response to the dramatic up-tick in spam that started happening several years ago, as a way to protect Postfix installations from high connection concurrency and resource exhaustion. It is commonly recommended as the preferred solution to loading issues relating to spam. Anvil is essentially a side-car process that communicates with Postfix to maintain various counters relating to the hosts connected to your Postfix server. Postfix queries anvil to update and retrieve these counters, and take appropriate action to limit the damage from abusive hosts.
What is Traffic Control?
Traffic Control is a highly scalable SMTP proxy server that seamlessly integrates with Postfix. It increases connection capacity so that thousands of concurrent connections can be efficiently prioritized with negligible system load. Legitimate connections are processed right away, known spam is rejected, and suspicious connections are slowed down causing the vast majority of spammers to give up before completing message delivery.
Traffic Control integrates seamlessly with Postfix using the XCLIENT command (see www.postfix.org/XCLIENT_README.html), front-ending SMTP connections, and applying TCP traffic shaping to suspicious connections before passing on legitimate email to Postfix. Traffic Control is implemented using a very efficient libevent-based asynchronous IO layer, which enables handling up to 25,000 concurrent SMTP sessions with low overhead.
Comparison
| Feature | Postfix Anvil | Traffic Control |
|---|---|---|
| Description | Works in conjunction with Postfix to maintain and enforce connection, message, and other rate limits on a per-host basis. | Applies TCP traffic shaping and connection multiplexing, increasing the capacity of Postfix to handle up to 25,000 concurrent connections, while reducing spam by 70-95% more than connection blocking alone. |
| Method of Operation | Receives connection statistics from Postfix, which are maintained in a database and reported back to Postfix via a TCP socket. Postfix enforces rate limits based on the counts reported by Anvil. | Receives SMTP connections, assessing their reputation and behavior through a commercially supported reputation network and set of customizable triggers. Contacts Postfix via SMTP to validate recipients and other SMTP commands in real time, and finally delivers messages to Postfix if the sender adheres to the SMTP protocol and persists long enough to get its message delivered. |
| Effectiveness against botnets | Rate limiting effectively stops high volume senders from abusing Postfix. Protection against botnet-based attacks is minimal, because individual zombies typically "fly under the radar," making only a limited number of connections. | Hits botnets where it hurts, tying up essential SMTP connection resources and causing 70-95% of zombie-based connections to abort before message delivery has taken place. Abusive high volume senders are forced to wait up to 10 minutes for message delivery, greatly reducing the impact of their traffic on Postfix and downstream users. |
| Pricing | Anvil is free - it is part of the open source Postfix package. | Traffic Control is commercial software; however, it is free for low-volume and non-commercial users. Please refer to our download page for details. |
How to find out more
Our Traffic Control blog is an excellent source of commentary on Traffic Control, and the Traffic Control manual explains how it works in much more detail. Of course, you can always download Traffic Control and try it yourself. Or shoot us an email by filling in our inquiry form.
Friday, July 11, 2008
Where to find the Traffic Control Manual
I had an email this morning from somebody using Traffic Control who wanted to know if there is an online version of the user manual. Yes there is. It can be found in the following locations.
Traffic Control Manual (HTML)
Traffic Control Manual (PDF)
Some key chapters that you'll want to check out are
Traffic Control Manual (HTML)
Traffic Control Manual (PDF)
Some key chapters that you'll want to check out are
Subscribe to:
Posts (Atom)