How can MailScanner "push back"?

Richard Frovarp Richard.Frovarp at sendit.nodak.edu
Thu Aug 23 21:25:47 IST 2007


Leland J. Steinke wrote:
> Has anybody set up a scheme where MailScanner tells the MTA to stop or 
> slow message acceptance, short of blocking inbound port 25, when 
> message scanning gets too far behind?
>
> We use postfix (so I will try not to reply to my own message).  I have 
> been playing with the idea of tuning the number of inbound smtpd 
> processes in master.cf to match the capacity of the MailScanner 
> instance running on the underlying hardware.  The initial results are 
> not particularly encouraging.  Even with in-house RBLs and reduced 
> spam-score thresholds for RBL addition, some of our servers are being 
> overrun with apparent StormWorm emails from IPs all over the map, 
> reducing the RBL's effectiveness.
>
> As another way to slow the onslaught in postfix, I added extra client 
> and HELO restrictions, adding reject_unknown_client and 
> reject_unknown_hostname to smtpd_{client,helo}_restrictions, 
> respectively.  It looks like the HELO restriction is blocking almost 
> as much legitimate mail as illegitimate.
>
>
> Leland

We usually only have issues of one of our boxes getting hammered. If you 
run multiple machines, and only one is getting hammered, blocking 25 
isn't a bad thing. The load will then hopefully go over to your other 
boxes. If it's spam and you're really lucky it might even stop (never 
seen this, hence the lucky part). I've shut off our incoming sendmail 
process on an overloaded box to let it catch up. It actually requires 
stopping the service MailScanner stop, service MailScanner startout, and 
check_mailscanner calls. An automated method of controlling postfix or 
iptables would probably work just as well, so long as all of your 
servers don't trip at the same time.
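
The automated iptables control suggested in the reply above, sketched as an added example that is not part of the original post or of MailScanner: a cron-driven script that rejects new connections to port 25 once the scanner's inbound queue passes a high-water mark and reopens the port only after it drains below a low-water mark. The queue path, both thresholds, the RUN switch and the syslog tag are assumptions, and nothing here keeps several servers from tripping at the same time.

```shell
#!/bin/sh
# Added example: shed inbound SMTP load with hysteresis while the scanner catches up.
# Assumptions (not from the thread): queue path, thresholds, RUN switch, syslog tag.
QUEUE_DIR="${QUEUE_DIR:-/var/spool/postfix/hold}"   # assumed MailScanner inbound queue
HIGH="${HIGH:-2000}"   # start rejecting at or above this many queued messages
LOW="${LOW:-500}"      # resume accepting at or below this many
RULE="INPUT -p tcp --dport 25 -j REJECT --reject-with tcp-reset"

# Count regular files directly inside the queue directory.
queue_depth() {
    find "$1" -maxdepth 1 -type f 2>/dev/null | wc -l | tr -d ' '
}

# decide STATE DEPTH HIGH LOW -> prints "block", "unblock" or "none".
# STATE is "open" or "blocked"; the gap between HIGH and LOW prevents flapping.
decide() {
    state=$1; depth=$2; high=$3; low=$4
    if [ "$state" = "open" ] && [ "$depth" -ge "$high" ]; then
        echo block
    elif [ "$state" = "blocked" ] && [ "$depth" -le "$low" ]; then
        echo unblock
    else
        echo none
    fi
}

# The firewall is the state store: the port is "blocked" if the rule exists.
# $RULE is left unquoted on purpose so it splits into iptables arguments.
current_state() {
    if iptables -C $RULE 2>/dev/null; then echo blocked; else echo open; fi
}

# Insert or delete the rule and leave a syslog trail for later review.
apply_action() {
    case "$1" in
        block)   iptables -I $RULE && logger -t smtp-backpressure "port 25 blocked depth=$2" ;;
        unblock) iptables -D $RULE && logger -t smtp-backpressure "port 25 reopened depth=$2" ;;
    esac
}

# Run from cron (as root) with RUN=1; without it the file only defines functions.
if [ "${RUN:-0}" = "1" ]; then
    depth=$(queue_depth "$QUEUE_DIR")
    apply_action "$(decide "$(current_state)" "$depth" "$HIGH" "$LOW")" "$depth"
fi
```

REJECT with a TCP reset makes sending MTAs fail fast and retry later or move to another MX, rather than hanging on a silently dropped connection.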

