Email ???
Steve Friedman
steve at adsi-m4.com
Tue May 1 16:42:53 UTC 2007
On Tue, 1 May 2007, Guy Fraser wrote:
>> It's a DoS because the system can have only a finite number of sockets
>> open (this is both a kernel limit and a postfix tuning parameter limit),
>> and greet pause ties them up doing nothing for a period of time. Recall
>> that postfix is written to support many operating systems and not all OSs
>> (especially the older ones, e.g., linux 2.4) support epoll (enabling
>> greater than 1024 elements in the select()). Consequently, on an active
>> server, legitimate connections will be denied because of a lack of an
>> available socket and thus you've denied service to a legit user.
>>
>
> Then you must also consider connection limiting and throttling DoS
> as well. Your facts don't line up with reality. This system can and
> does work well, when sendmail and the system are configured to make
> allowances for the delay, even when each server is processing over a
> million messages per month.
>
Your server; your rules; however, I am interested neither in debating
semantics nor foolish configurations. One million messages per month ->
10^6 / (30 * 86400) = 0.385 messages / second. This is a low traffic
site. As an aside, I would suggest that you whitelist servers from which
you've already accepted mail to avoid foolishly penalizing your intended
correspondents.
Steve Friedman
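The socket-exhaustion argument and the 0.385 messages/second figure in this exchange can be put into one capacity model. The following is an added example, not part of the original message: it uses Little's law and the Erlang B formula, assuming Poisson arrivals and that a connection arriving when every socket is busy is refused. The greet-pause length, session time and the higher arrival rates are assumed values; only the 1024-element select() figure and the one-million-per-month rate come from the thread.

```python
# Added illustration: capacity model for an SMTP listener that holds each
# connection idle for a greet pause. Parameter values are assumptions
# unless a comment says they come from the thread.

def offered_load(arrivals_per_sec, greet_pause_sec, session_sec):
    """Little's law: mean sockets in use = arrival rate x time each is held."""
    return arrivals_per_sec * (greet_pause_sec + session_sec)


def erlang_b(load, sockets):
    """Probability that a new connection finds all `sockets` busy (Erlang B).

    Uses the numerically stable recursion B(n) = A*B(n-1) / (n + A*B(n-1)).
    """
    b = 1.0
    for n in range(1, sockets + 1):
        b = load * b / (n + load * b)
    return b


def refusal_probability(arrivals_per_sec, greet_pause_sec, session_sec, sockets):
    """Chance a legitimate connection is refused for lack of a free socket."""
    load = offered_load(arrivals_per_sec, greet_pause_sec, session_sec)
    return erlang_b(load, sockets)


# Rate from the message: one million messages in a 30-day month.
LOW_RATE = 10**6 / (30 * 86400)  # about 0.385 connections/second

if __name__ == "__main__":
    SOCKETS = 1024              # select()-bound limit mentioned in the thread
    PAUSE, SESSION = 5.0, 2.0   # assumed seconds; not values from the thread
    for rate in (LOW_RATE, 50.0, 150.0, 300.0):  # last three rates are assumed
        load = offered_load(rate, PAUSE, SESSION)
        no_pause = refusal_probability(rate, 0.0, SESSION, SOCKETS)
        with_pause = refusal_probability(rate, PAUSE, SESSION, SOCKETS)
        print(f"{rate:8.3f}/s  load={load:7.1f}  "
              f"refused without pause={no_pause:.3g}  with pause={with_pause:.3g}")
```

Under these assumptions the pause costs nothing at the low rate quoted in the message, and it becomes the cause of refusals only once arrival rate times hold time approaches the socket limit.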