Steve Friedman wrote:
How does it work? If it pauses the current connection with that server,
independently of any other system trying to send you mail, then only one
thing at a time gets delayed, so it shouldn't be a DOS. But if sendmail
pauses completely while one thing talks to it, and won't do anything
else until that task is completed, yes, I see potential problems.
It's a DoS because the system can have only a finite number of sockets
open (this is both a kernel limit and a postfix tuning parameter limit),
and greet pause ties them up doing nothing for a period of time. Recall
that postfix is written to support many operating systems and not all
OSs (especially the older ones, e.g., linux 2.4) support epoll (enabling
greater than 1024 elements in the select()). Consequently, on an active
server, legitimate connections will be denied because of a lack of an
available socket and thus you've denied service to a legit user.
Good luck at explaining that to rabid anti-spam fanatics who don't care
how much damage they cause others in their quest to avoid having to hit
the delete key.
--
Les Mikesell
lesmikesell@xxxxxxxxx
