In my last post I wrote about hardening sendmail against DDoS attacks. As someone has pointed out to me, I missed an important option:
define(`confMAX_DAEMON_CHILDREN', `count')dnl
This option defines the maximum number of sendmail processes allowed before sendmail starts rejecting incoming connections with a temporary error.
count should be chosen with great care. I recommend checking the average number of sendmail processes per second on a "standard" day and tripling that number. This way, you ensure that the limit is high enough even at peak times, but in case of real trouble the number of processes won't explode and the machine will remain operable.
Example: If you have an average of 20 concurrent sendmail-processes, set count to 60. I would never recommend a value below 30, though.
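One way to apply this sizing rule, shown as an added example that is not part of the original post: average a series of sampled process counts, triple the result, enforce the minimum of 30, and print the matching sendmail.mc line. The function names, the pgrep-based sampling and rounding the average up are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: derive confMAX_DAEMON_CHILDREN from observed process counts.

FACTOR=3   # the post's rule: triple the average
FLOOR=30   # the post's minimum recommended value

# Print one sendmail process count per line: $1 samples, $2 seconds apart.
# Meant to be run on a "standard" day; the demo below does not call it.
sample_counts() {
    n=$1; interval=$2; i=0
    while [ "$i" -lt "$n" ]; do
        # pgrep -c prints the number of matching processes (0 if none)
        pgrep -c -x sendmail || true
        i=$((i + 1))
        sleep "$interval"
    done
}

# Read counts on stdin and print the recommended limit:
# average rounded up (assumption), times FACTOR, never below FLOOR.
# Lines that are not plain integers are ignored.
recommend_limit() {
    awk -v f="$FACTOR" -v lo="$FLOOR" '
        /^[0-9]+$/ { sum += $1; n++ }
        END {
            if (n == 0) { print lo; exit }
            avg = sum / n
            up = (avg == int(avg)) ? avg : int(avg) + 1
            limit = up * f
            if (limit < lo) limit = lo
            print limit
        }'
}

# Emit the sendmail.mc line for a given limit.
mc_line() {
    printf "define(\`confMAX_DAEMON_CHILDREN', \`%s')dnl\n" "$1"
}

# Constructed sample counts (not real measurements); their average is 20.
SAMPLES="18
22
19
21
20"
mc_line "$(printf '%s\n' "$SAMPLES" | recommend_limit)"
```

For live data, pipe the sampler into the calculator, for example `sample_counts 720 120 | recommend_limit` for one sample every two minutes over a day.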