ietf-smtp

Re: Mail Data termination

2011-08-21 21:18:31

Murray S. Kucherawy wrote:

And if you somehow have so many open connections from clients that you can't accept any more and another connection tries to arrive, select the one that's been idle the longest, close it down (releasing resources), and accept the new one. Or just generally trim your idle timeout down.

Is there a loading limit in your arsenal against DoS attacks? Is there such a thing as resource limits even for a Modern OS? And is it reasonable for the CS client to pass the cost burden on to the receiver to solve what is only a client problem?

If the sender doesn't like closing and opening connections, then surely
it's just as beneficial for the sender to wait 10 seconds before
starting to send a message, then if another message to the same
destination arrives within that 10 seconds, it can batch them up without
adding unnecessary load to the receiver.

That's exactly how the connection cache works in some instances, depending on whether or not the sender is configured to make an immediate delivery attempt, or just wait for a queue run.

That's better than a Connection Hogging design. They should wait the 5 seconds themselves and not push their problem to receivers.

I'm really surprised there's so much sudden consternation about this feature given how many MTAs have it, and the fact that it's been around for well over a decade. Somehow, in that time, the sky hasn't fallen.

It took a long time for people to see the SKY has fallen with pollution and constant abuse before action was taken.

The effects have been marginal by keeping a small holding time, but it has already reduced higher potential throughput, with average session times between 4-7, and most likely explains why some systems see false positives in DoS attacks.

Connection Hogging is not a cooperative engineering design; it serves only the client, not the receiver, and new SMTP ideas will emerge to get back fast session transactions, such as a SERVER instant drop after the ONE transaction is complete. Let them connect again if they wish to send another message.

--
Sincerely

Hector Santos
http://www.santronics.com
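
Added example, not part of the message above or of any MTA's code: a receiver-side model of the policy quoted from Murray S. Kucherawy (close the longest-idle connection when the table is full, or trim the idle timeout). The class and method names, the rule that sessions inside a mail transaction are never evicted, and the 421 refusal when nothing is idle are assumptions made for illustration.

```python
from collections import OrderedDict


class ConnectionTable:
    """Hypothetical SMTP receiver session table (a model, no real sockets)."""

    def __init__(self, max_conns, idle_timeout):
        self.max_conns = max_conns
        self.idle_timeout = idle_timeout  # seconds a session may sit idle
        self.idle = OrderedDict()         # conn_id -> idle since; oldest first
        self.busy = set()                 # sessions inside a mail transaction

    def begin_transaction(self, conn_id):
        # Client started a message: no longer an eviction candidate.
        self.idle.pop(conn_id, None)
        self.busy.add(conn_id)

    def end_transaction(self, conn_id, now):
        # Message done: the session is idle again, newest in the idle order.
        self.busy.discard(conn_id)
        self.idle[conn_id] = now

    def reap(self, now):
        # Idle-timeout trimming: close every session idle for too long.
        closed = []
        while self.idle:
            conn_id, since = next(iter(self.idle.items()))
            if now - since < self.idle_timeout:
                break
            self.idle.popitem(last=False)
            closed.append(conn_id)
        return closed

    def accept(self, conn_id, now):
        # Returns (accepted, evicted_id); `now` must not go backwards.
        evicted = None
        if len(self.idle) + len(self.busy) >= self.max_conns:
            if not self.idle:
                return False, None  # everything is mid-transaction: refuse (421)
            evicted, _ = self.idle.popitem(last=False)  # longest idle goes
        self.idle[conn_id] = now    # a new session starts out idle
        return True, evicted
```

With a cached connection held open by a sender, the cost to the receiver is bounded by `max_conns` and `idle_timeout`: the held slot is the first one reclaimed under load.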

