At 9:26 PM +0200 2003/10/22, Markus Stumpf wrote:

> We have some busy mailservers running a connection limit of 250 parallel
> connections at all.

Which is known to be a bad idea.

> While I have noticed I have no problems with 50 connections in tarpit from
> different hosts (some from the same) you can easily run into a homegrown
> DoS if the number of concurrent tarpitted connections becomes too high.

This is why. Don't restrict yourself to a given number of
simultaneous parallel connections, unless you understand the risks
and are willing to live with the consequences. This is laid out in
the documentation for both sendmail and postfix, and presumably for
other MTAs as well.

--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.