On Tue, 1 May 2007, Tim wrote:
On Mon, 2007-04-30 at 12:40 -0400, Steve Friedman wrote:
The general consensus on the postfix mailing idea is that Greet Pause is a
bad idea (TM). What it ends up doing is (a) delay legitimate mail and (b)
DoS your own server as you now take longer to handle legitimate mail. Any
mail source that would fail greet pause will also fail numerous other
checks that don't inconvenience your intended users (and your own system).
How does it work? If it pauses the current connection with that server,
independently of any other system trying to send you mail, then only one
thing at a time gets delayed, so it shouldn't be a DOS. But if sendmail
pauses completely while one thing talks to it, and won't do anything
else until that task is completed, yes, I see potential problems.
It's a DoS because the system can have only a finite number of sockets
open (this is both a kernel limit and a postfix tuning parameter limit),
and greet pause ties them up doing nothing for a period of time. Recall
that postfix is written to support many operating systems and not all OSs
(especially the older ones, e.g., linux 2.4) support epoll (enabling
greater than 1024 elements in the select()). Consequently, on an active
server, legitimate connections will be denied because of a lack of an
available socket and thus you've denied service to a legit user.
Steve