Re: [Exim] Brain Dead ISP's?

Author: Exim Users Mailing List
Date:  
To: Suresh Ramasubramanian
CC: Exim Users Mailing List
Subject: Re: [Exim] Brain Dead ISP's?
[ On Saturday, July 5, 2003 at 21:39:03 (+0530), Suresh Ramasubramanian wrote: ]
> Subject: Re: [Exim] Brain Dead ISP's?
>
> We only do single line error responses - and teergrubing can be a bigger
> drag on your system than it can be on random other systems.


I suspect you haven't actually measured the impact in real-world
situations where the kind of "pounding" you're worried about is actually
happening -- it's not nearly so big a deal as you're making it out to
be, and indeed it's far less impact than the problem you're complaining
about.

The primary point of error response rate limiting is to protect the
server -- i.e. avoid the problem you complained about. It is only a
secondary benefit that it sometimes also slows down abusers and keeps
them from going on to abuse the next guy quite so quickly. After all we
can't expect every server to have such a good neighbour policy (though it
would be nice if that were so of course).


> Keeping a connection open for that much time, for multiple borken MTAs,
> is painful.


No, actually, it's not -- at least not if you run a decent OS which has
a well implemented and well tested efficient networking stack (and
assuming it also has shared text and copy-on-write support in the VM,
which of course almost all modern unix and unix-like systems do now have).

It's also _FAR_LESS_ impact than having some remote client pounding away
and opening one connection after another with no way to slow it down.
You say you have seen multiple connections over the span of a minute.
Well on some badly abused high-performance systems I've seen more than
one connection come and go per _second_. Holding a connection open for
several minutes is overall only a tiny fraction of the resources
required to handle 60-120 connections per second.

You have to look at the whole picture. You complained about a problem
that's trivially and _completely_ solved by error response rate limiting
and then you whined that the solution was too painful. Well, which is
it?

--
                                Greg A. Woods


+1 416 218-0098;            <g.a.woods@???>;           <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
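
An illustration of the error response rate limiting discussed in this message, added here as an example; it is not code from the thread, from Exim, or from either poster's MTA. The doubling schedule, the delay values, the recipient list and every function name are assumptions made for the sketch.

```python
import asyncio

# Assumed policy (not from the thread): hold the first error reply for
# BASE_DELAY seconds and double the hold per further error, up to MAX_DELAY.
BASE_DELAY = 5.0
MAX_DELAY = 300.0
LOCAL_RCPTS = {b"<postmaster@example.test>"}  # constructed sample data

def error_delay(error_count, base=BASE_DELAY, cap=MAX_DELAY):
    """Seconds to hold the Nth error reply on one connection."""
    if error_count < 1:
        return 0.0
    return min(cap, base * 2 ** (error_count - 1))

def reply_for(line):
    """Return (single-line reply, is_error) for one SMTP command line."""
    verb, _, arg = line.strip().partition(b" ")
    verb = verb.upper()
    if verb in (b"HELO", b"EHLO", b"MAIL"):
        return b"250 ok", False
    if verb == b"RCPT":
        addr = arg.partition(b":")[2].strip().lower()
        if addr in LOCAL_RCPTS:
            return b"250 recipient ok", False
        return b"550 no such user", True
    if verb == b"QUIT":
        return b"221 bye", False
    return b"500 unrecognized command", True

async def handle(reader, writer, sleep=asyncio.sleep):
    """Serve one connection; every error reply is held back before sending."""
    errors = 0
    writer.write(b"220 mx.example.test ESMTP\r\n")
    await writer.drain()
    while line := await reader.readline():
        reply, is_error = reply_for(line)
        if is_error:
            errors += 1
            # The connection sits idle here; no new process or socket
            # is created while the client waits for its error reply.
            await sleep(error_delay(errors))
        writer.write(reply + b"\r\n")
        await writer.drain()
        if reply.startswith(b"221"):
            break
    writer.close()
    return errors

# To listen on a socket: await asyncio.start_server(handle, "127.0.0.1", 2525)
```

The `sleep` parameter exists so the delay schedule can be checked without waiting in real time.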