Email ???

Steve Friedman steve at adsi-m4.com
Tue May 1 16:42:53 UTC 2007


On Tue, 1 May 2007, Guy Fraser wrote:

>> It's a DoS because the system can have only a finite number of sockets
>> open (this is both a kernel limit and a postfix tuning parameter limit),
>> and greet pause ties them up doing nothing for a period of time.  Recall
>> that postfix is written to support many operating systems and not all OSs
>> (especially the older ones, e.g., linux 2.4) support epoll (enabling
>> greater than 1024 elements in the select()).  Consequently, on an active
>> server, legitimate connections will be denied because of a lack of an
>> available socket and thus you've denied service to a legit user.
>>
>
> Then you must also consider connection limiting and throttling DoS
> as well. Your facts don't line up with reality. This system can and
> does work well, when sendmail and the system are configured to make
> allowances for the delay, even when each server is processing over a
> million messages per month.
>

Your server; your rules; however, I am interested neither in debating 
semantics nor foolish configurations.  One million messages per month -> 
10^6 / (30 * 86400) = 0.385 messages / second.  This is a low traffic 
site.  As an aside, I would suggest that you whitelist servers from which 
you've already accepted mail to avoid foolishly penalizing your intended 
correspondents.

Steve Friedman
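
The socket-exhaustion argument quoted above can be checked with a small capacity model. This is an added example, not part of the original message: the 30-second greet pause, the 2-second SMTP session and the 90% whitelist share are assumed values, while 1024 is the select() ceiling from the quoted text and 2592 ms is the connection spacing for one million messages per 30 days.

```python
import heapq

SELECT_LIMIT = 1024  # select() descriptor ceiling cited in the quoted message

# Assumed values (not from the thread): 30 s greet pause, 2 s SMTP session.
PAUSE_MS, SERVICE_MS = 30_000, 2_000


def simulate(interarrival_ms, pause_ms, service_ms, duration_ms,
             max_sockets=SELECT_LIMIT, whitelisted_pct=0):
    """Return (peak_open_sockets, refused_connections).

    Clients connect every interarrival_ms. Each accepted client holds one
    socket for pause_ms + service_ms; whitelisted clients skip the pause.
    A client arriving while max_sockets are in use is refused.
    """
    releases = []  # min-heap of times at which held sockets free up
    peak = refused = 0
    for i in range(duration_ms // interarrival_ms):
        now = i * interarrival_ms
        # Free every socket whose hold time has expired.
        while releases and releases[0] <= now:
            heapq.heappop(releases)
        if len(releases) >= max_sockets:
            refused += 1  # no descriptor left: this client is denied
            continue
        # Constructed whitelist: the first whitelisted_pct of every 100
        # clients are senders already seen, so they skip the greet pause.
        known_sender = (i % 100) < whitelisted_pct
        hold = service_ms + (0 if known_sender else pause_ms)
        heapq.heappush(releases, now + hold)
        peak = max(peak, len(releases))
    return peak, refused


if __name__ == "__main__":
    # 10^6 messages per 30 days is one connection every 2592 ms.
    print("1M/month, pause:  ", simulate(2592, PAUSE_MS, SERVICE_MS, 3_600_000))
    # Constructed busy server: 100 connections per second for one minute.
    print("100/s, pause:     ", simulate(10, PAUSE_MS, SERVICE_MS, 60_000))
    print("100/s, no pause:  ", simulate(10, 0, SERVICE_MS, 60_000))
    print("100/s, 90% listed:", simulate(10, PAUSE_MS, SERVICE_MS, 60_000,
                                         whitelisted_pct=90))
```

Each result is a (peak sockets, refused connections) pair, so the four runs show the delay's socket cost at the thread's traffic level, at the constructed busy rate, and with the pause removed or bypassed for known senders.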



