Tim wrote:
How does it work? If it pauses the current connection with that server,
independently of any other system trying to send you mail, then only one
thing at a time gets delayed, so it shouldn't be a DOS. But if sendmail
pauses completely while one thing talks to it, and won't do anything
else until that task is completed, yes, I see potential problems.
Steve Friedman:
It's a DoS because the system can have only a finite number of sockets
open (this is both a kernel limit and a postfix tuning parameter limit),
and greet pause ties them up doing nothing for a period of time.
This is a genuine question: Is that actually worse than having the
server tied up dealing with lots of spam?
Remember, there are two sides of the connection. The other end may be a
trying to deliver hundreds of mail list messages to millions of
subscribers while you sit there intentionally delaying it, wasting one
of it's sockets and the RAM associated with your connection attempt.
I would imagine that anyone who wanted to try this approach, would also
want to increase the number of sockets that could be handled, to avoid
getting DOSd.
It would also seem prudent to reset a connection if more traffic came
through when you'd told it to wait.
You don't tell it to wait - it is supposed to wait for your response and
many spam senders don't. However, there are legitimate mail sources
that will drop your connection and move on if you delay very long before
responding.
--
Les Mikesell
lesmikesell@xxxxxxxxx
