On Wed, 29 Dec 2004, Richard Clayton wrote:
> here's a little gem from some logs for a large ISP from Monday....
Boggle.
> so after 22 minutes cluttering up the machine and 399 delivery attempts
> (imagine the time would be with more timeouts and fewer refusals) it
> finally goes to the fallback machine where it doesn't get in the way of
> the real service that is being provided.
>
> Anyway, I'd suggest that hosts_max_try (at its default setting of 5)
> isn't really sufficient in the face of (effectively) malicious DNS
> contents...
I don't understand why hosts_max_try didn't kick in during this process.
It is indeed supposed to move on to a higher MX number if one exists,
but then it should try only 5 IP addresses (at the default setting). I
wonder why it didn't?
> perhaps a hosts_total_try of 20 or so would be a useful
The problem with that is the problem of bouncing. As I have tried to
document in 30.4, Exim goes to some lengths to ensure that all possible
IP addresses are tried before a message is bounced on a timeout. That
seems to be a good general rule. Previously, when it didn't do this,
less than optimum behaviour resulted.
However, when there are hundreds of addresses to try, I can see that
this isn't so good. But I'm not sure there is a better answer. Sigh.
A general remark is that, whatever one tries to do, in an environment
such as the Internet, which is based on mutual cooperation, it is always
going to be possible for somebody to mount what is effectively a type of
DoS attack.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book