Is Postfix Anvil(8) as good as it gets for spam DDoS protection?

By Desmond Liao | 3 minute read

Maybe you’ve had to deal with a client that hammers your server with simultaneous sessions, or excessive requests in a given time period. In this post, learn how Traffic Control compares with Postfix Anvil.

What is Anvil?

Anvil is a lightweight connection rate control mechanism for Postfix, which allows you to set limits on how hard someone can hammer your Postfix server. Anvil was created in response to the dramatic uptick in spam that started happening several years ago, as a way to protect Postfix installations from high connection concurrency and resource exhaustion. It is commonly recommended as the preferred solution to load issues relating to spam. Anvil is essentially a sidecar process that communicates with Postfix to maintain various counters relating to the hosts connected to your Postfix server. Postfix queries Anvil to update and retrieve these counters, and takes appropriate action to limit the damage from abusive hosts.

What is Traffic Control?

Traffic Control is a highly scalable SMTP proxy server that seamlessly integrates with Postfix. It increases connection capacity so that thousands of concurrent connections can be efficiently prioritized with negligible system load. Legitimate connections are processed right away, known spam is rejected, and suspicious connections are slowed down, causing the vast majority of spammers to give up before completing message delivery.

Traffic Control integrates seamlessly with Postfix using the XCLIENT command (see www.postfix.org/XCLIENT_README.html), front-ending SMTP connections, and applying TCP traffic shaping to suspicious connections before passing on legitimate email to Postfix. Traffic Control is implemented using a very efficient libevent-based asynchronous IO layer, which enables handling up to 25,000 concurrent SMTP sessions with low overhead.

Comparison

| Feature | Postfix Anvil | Traffic Control |
| --- | --- | --- |
| Description | Works in conjunction with Postfix to maintain and enforce connection, message, and other rate limits on a per-host basis. | Applies TCP traffic shaping and connection multiplexing, increasing the capacity of Postfix to handle 100,000 or more concurrent connections, while eliminating botnet connections with 99.6% effectiveness. |
| Method of Operation | Receives connection statistics from Postfix, which are maintained in a database and reported back to Postfix via a TCP socket. Postfix enforces rate limits based on the counts reported by Anvil. | Receives SMTP connections, assessing their reputation and behavior through a commercially supported reputation network and set of customizable triggers. Contacts Postfix via SMTP to validate recipients and other SMTP commands in real time, and finally delivers messages to Postfix if the sender adheres to the SMTP protocol and persists long enough to get its message delivered. |
| Effectiveness against botnets | Rate limiting effectively stops high volume senders from abusing Postfix. Protection against botnet-based attacks is minimal, because individual zombies typically “fly under the radar,” making only a limited number of connections. | Hits botnets where it hurts, tying up essential SMTP connection resources and causing 99.6% of zombie-based connections to abort before message delivery has taken place. Abusive high volume senders are forced to wait up to 10 minutes for message delivery, greatly reducing the impact of their traffic on Postfix and downstream users. |
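To make the per-host limitation in the comparison concrete, here is an added example (not code from this post, Postfix, or Traffic Control) that replays smtpd "connect from" log lines through a simplified sliding-window counter. The window logic is an assumption standing in for Anvil's counters, the `rate_limit` and `time_unit` names are hypothetical, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches Postfix smtpd lines such as:
#   Jan 12 10:00:01 mx1 postfix/smtpd[100]: connect from unknown[203.0.113.7]
CONNECT_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"connect from \S+\[([0-9a-fA-F.:]+)\]")

def parse_connects(lines, year=2024):
    """Yield (timestamp, client_ip) for each smtpd 'connect from' line."""
    for line in lines:
        m = CONNECT_RE.match(line)
        if m:  # syslog lines carry no year, so one is assumed
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def analyze(lines, rate_limit=5, time_unit=60):
    """Return (clients over the per-host limit, peak total connections per window).

    Simplified model: a sliding window of time_unit seconds per client,
    plus one aggregate window across all clients. Input must be in time order.
    """
    per_client, all_conns = defaultdict(deque), deque()
    flagged, peak_total = set(), 0
    for ts, ip in parse_connects(lines):
        for window in (per_client[ip], all_conns):
            window.append(ts)
            while (ts - window[0]).total_seconds() >= time_unit:
                window.popleft()
        if len(per_client[ip]) > rate_limit:
            flagged.add(ip)
        peak_total = max(peak_total, len(all_conns))
    return flagged, peak_total

def sample_log():
    """Constructed log: one noisy host, then 40 hosts connecting twice each."""
    fmt = "Jan 12 10:00:{:02d} mx1 postfix/smtpd[100]: connect from unknown[{}]"
    lines = [fmt.format(s, "198.51.100.9") for s in range(10)]
    for s in (20, 50):
        lines += [fmt.format(s, f"203.0.113.{h + 1}") for h in range(40)]
    return lines

if __name__ == "__main__":
    flagged, peak = analyze(sample_log())
    print("over per-host limit:", sorted(flagged))
    print("peak connections in one window:", peak)
```

On the constructed log only the single noisy host exceeds the per-host limit, while the 40 low-rate hosts account for 80 of the 90 connections in the peak window without any of them being flagged.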

Of course, Traffic Control isn’t open source, but that doesn’t mean it’s not easy to get a hold of. If you run a large mail installation and want to try Traffic Control, just fill in our straightforward demo request form and we’ll hook you up with an evaluation copy.
