
Re: blacklists





--On Friday, December 10, 2004 16:43 +1100 Craig Sanders <cas@taz.net.au> wrote:

DoS is a huge exaggeration.  a few smtpd processes waiting to timeout
does not constitute a DoS.  neither does a few dozen.

I had about 800 waiting around in just a few minutes on the one server I began testing it on, but this is a large installation. And this isn't peak time... It's holding at around 1000 blocked hosts, most of them for blacklist infractions.

because you suddenly start dropping their inbound packets while still
'in-flight' as it were. postfix's default timeouts are about 300s, so
you'll want to turn those down (300s seems too generous to me for most
of them anyway)

aside from the DoS exaggeration, that is true, but i don't care....or more
accurately, i care more about spammer noise in my logs and the bandwidth
that spammers waste.  i have more than enough smtpd processes, ram, and
cpu power available to cope with a few (or even several dozen) smtpds
waiting to time out.

I suppose my advisory is more for larger sites; on my home system I'd have never noticed it nor even thought about it. But when you've got a lot of mail (and a number of customer domains that just tend to attract junk) it's easy to get a lot of processes hanging around.

i can also cope with the eventual dropped connection messages in the logs
- instead of vaguely annoying me like the spam rejects do, they give me a
feeling of satisfaction that i have in some small way slowed down the
spamware by silently dropping their packets.


