Postfix manual - anvil(8)

ANVIL(8)                                                              ANVIL(8)

NAME
       anvil - Postfix session count and request rate control

SYNOPSIS
       anvil [generic Postfix daemon options]

DESCRIPTION
       The  Postfix  anvil(8) server maintains statistics about client connec-
       tion counts or client request rates. This information can  be  used  to
       defend against clients that hammer a server with either too many simul-
       taneous sessions, or with too many successive requests within a config-
       urable  time interval.  This server is designed to run under control by
       the Postfix master(8) server.

       In the following text, ident specifies a (service, client) combination.
       The  exact  syntax  of  that  information is application-dependent; the
       anvil(8) server does not care.

CONNECTION COUNT/RATE CONTROL
       To register a new connection send the following request to the anvil(8)
       server:

           request=connect
           ident=string

       The anvil(8) server answers with the number of simultaneous connections
       and the number of connections per unit time for the  (service,  client)
       combination specified with ident:

           status=0
           count=number
           rate=number

       To  register  a  disconnect  event  send  the  following request to the
       anvil(8) server:

           request=disconnect
           ident=string

       The anvil(8) server replies with:

           status=0

MESSAGE RATE CONTROL
       To register a message delivery request send the  following  request  to
       the anvil(8) server:

           request=message
           ident=string

       The  anvil(8)  server  answers  with  the  number  of  message delivery
       requests per unit time for the (service, client) combination  specified
       with ident:

           status=0
           rate=number

RECIPIENT RATE CONTROL
       To  register  a  recipient  request  send  the following request to the
       anvil(8) server:

           request=recipient
           ident=string

       The anvil(8) server answers with the number of recipient addresses  per
       unit time for the (service, client) combination specified with ident:

           status=0
           rate=number

TLS SESSION NEGOTIATION RATE CONTROL
       The  features  described in this section are available with Postfix 2.3
       and later.

       To register a request for a new (i.e. not cached) TLS session send  the
       following request to the anvil(8) server:

           request=newtls
           ident=string

       The