Re: [Exim] Re: Bagle, unqualified HELO, time delays

Author: Chris Edwards
Date:
To: Fred Viles
CC: exim-users
Subject: Re: [Exim] Re: Bagle, unqualified HELO, time delays
On Wed, 3 Mar 2004, Fred Viles wrote:

| This raises an interesting point. RFC2821 says a 5 minute timeout is
| a SHOULD, not a MUST. It turns out that at least one legitimate MTA
| (Mercury/32) does not wait that long. With a 90 second delay
| introduced, it gave up trying to send.


I too am confused about sending and receiving here.

The above implies a mercury sending client wouldn't wait for your (exim?)
server imposing a 90s delay.

| I've just had an interesting conversation with Mercury/32's author,
| David Harris, about the wisdom of following the RFC timeout
| recommendations. He pointed out that waiting five minutes for
| commands from a sender exposes a receiving MTA to a trivial DDoS
| attack, with no practical benefit.


But this implies a mercury server won't be willing to wait for its
clients.

How long does DH think a server _should_ wait, if it wishes to avoid
"trivial DDoS" ?

FWIW we still have a couple of mercury installations haunting the campus.
But we don't let them anywhere _near_ the internet, otherwise they'd be
er...trivially DDoS'd!


--
Chris Edwards, Glasgow University Computing Service