On Tue, 2007-05-01 at 09:41 -0400, Steve Friedman wrote:
> On Tue, 1 May 2007, Tim wrote:
>
> > On Mon, 2007-04-30 at 12:40 -0400, Steve Friedman wrote:
> >> The general consensus on the postfix mailing idea is that Greet Pause is a
> >> bad idea (TM). What it ends up doing is (a) delay legitimate mail and (b)
> >> DoS your own server as you now take longer to handle legitimate mail. Any
> >> mail source that would fail greet pause will also fail numerous other
> >> checks that don't inconvenience your intended users (and your own system).
> >
> > How does it work? If it pauses the current connection with that server,
> > independently of any other system trying to send you mail, then only one
> > thing at a time gets delayed, so it shouldn't be a DOS. But if sendmail
> > pauses completely while one thing talks to it, and won't do anything
> > else until that task is completed, yes, I see potential problems.
> >
>
> It's a DoS because the system can have only a finite number of sockets
> open (this is both a kernel limit and a postfix tuning parameter limit),
> and greet pause ties them up doing nothing for a period of time. Recall
> that postfix is written to support many operating systems and not all OSs
> (especially the older ones, e.g., linux 2.4) support epoll (enabling
> greater than 1024 elements in the select()). Consequently, on an active
> server, legitimate connections will be denied because of a lack of an
> available socket and thus you've denied service to a legit user.
>
> Then you must also consider connection limiting and throttling DoS as well.

Your facts don't line up with reality. This system can and does work well,
when sendmail and the system are configured to make allowances for the
delay, even when each server is processing over a million messages per
month.
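The disagreement above comes down to capacity: a greeting delay holds each inbound connection's socket open for the length of the pause, and the question is whether that occupancy gets anywhere near a finite descriptor table (such as the 1024-entry select() limit Steve mentions) at a given message volume. The following Python script is an added example, not code from this thread or from sendmail or postfix. It computes the steady-state socket occupancy for a stated monthly volume using Little's law, derives the longest pause that keeps a chosen fraction of the descriptor table free, and runs a small event simulation of a burst of connections against a hard limit so the refusal behaviour can be seen directly. The function names, the 30-day month, the 2-second handling time and the burst timings are all constructed assumptions.

```python
"""Capacity model for an SMTP greeting delay (sendmail's greet pause).

Hypothetical helper code written for this thread, not part of any MTA.
Each connection held open for the pause occupies one socket/descriptor for
that long, so the sizing question is: at a given connection rate, how many
descriptors does the pause consume, and does that approach the limit?
"""
import heapq
from typing import Iterable, Tuple

SECONDS_PER_MONTH = 30 * 24 * 3600  # assumption: a 30-day month


def steady_state_occupancy(messages_per_month: float, pause_seconds: float,
                           handling_seconds: float = 0.0) -> float:
    """Average number of sockets held open (Little's law: rate x time held).

    handling_seconds is the time a connection stays open after the greeting
    (envelope, DATA, queueing); the pause simply adds to it.
    """
    rate = messages_per_month / SECONDS_PER_MONTH  # connections per second
    return rate * (pause_seconds + handling_seconds)


def max_pause_for_limit(messages_per_month: float, socket_limit: int,
                        handling_seconds: float = 0.0,
                        headroom: float = 0.5) -> float:
    """Longest pause keeping the average occupancy under headroom * socket_limit.

    headroom leaves room for bursts and for descriptors the daemon needs for
    other work (queue files, DNS lookups, logging).
    """
    rate = messages_per_month / SECONDS_PER_MONTH
    budget = socket_limit * headroom
    return max(0.0, budget / rate - handling_seconds)


def simulate_refusals(arrival_times: Iterable[float], hold_seconds: float,
                      socket_limit: int) -> Tuple[int, int]:
    """Event simulation of a burst of connections.

    Each connection holds a socket for hold_seconds from its arrival. A
    connection arriving while socket_limit sockets are already held is
    refused, which is the failure mode described in the thread.
    Returns (refused, peak_sockets_held).
    """
    releases = []  # min-heap of times at which held sockets are released
    refused = 0
    peak = 0
    for t in sorted(arrival_times):
        while releases and releases[0] <= t:  # free sockets whose hold expired
            heapq.heappop(releases)
        if len(releases) >= socket_limit:
            refused += 1
            continue
        heapq.heappush(releases, t + hold_seconds)
        peak = max(peak, len(releases))
    return refused, peak


# Constructed burst: 50 connections, one every 100 ms (e.g. a list server
# fanning out a digest), each held for a 5 s greeting delay.
BURST = [i * 0.1 for i in range(50)]


def burst_report(socket_limit: int, pause_seconds: float = 5.0) -> Tuple[int, int]:
    """Refusals and peak occupancy for the constructed burst under a limit."""
    return simulate_refusals(BURST, pause_seconds, socket_limit)


if __name__ == "__main__":
    monthly = 1_000_000  # the volume quoted in the thread
    print(f"avg sockets held by a 5 s pause at {monthly}/month: "
          f"{steady_state_occupancy(monthly, 5.0):.2f}")
    print(f"longest pause keeping half of 1024 descriptors free: "
          f"{max_pause_for_limit(monthly, 1024, handling_seconds=2.0):.0f} s")
    print("burst, limit 20:", burst_report(20))
    print("burst, limit 1024:", burst_report(1024))
```

Run as a script it prints the steady-state figures for a million messages a month and the burst results for a deliberately tiny descriptor limit beside a 1024-entry one; the burst case is where refusals appear, which is why the headroom parameter in max_pause_for_limit is there rather than sizing to the average alone.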