On Fri, 25 Feb 2005, Wakko Warner wrote:
> On connect, there are some delays due to DNS lookups, ident lookups,
> etc (if enabled). Lets say *I* want an initial delay of 10 seconds.
> What I want is a delay of 10 seconds from connect time to banner
> being displayed. Ok, so the dns lookup took 5 seconds, ident was
> immediate and there's nothing else at connection time. Delay 10s
> means the true delay is 15 seconds. What if I want to subtract that
> initial delay?
I've done something comparable in the RCPT ACL:
ACL_TOD=acl_m2 # for example
At the start of the ACL we go:
warn set ACL_TOD = $tod_epoch
After all the other potentially-delaying operations, if we decide to
grant the caller a "long wait" (in this example, it's 63 sec), then we
do something like this (OK, the defence against non-positive delays is
a bit crude, but it works):
warn ...
set ACL_TOD = ${eval:63+$ACL_TOD-$tod_epoch}
set ACL_TOD = ${if <{$ACL_TOD}{1} {1}{$ACL_TOD}}
delay = ${ACL_TOD}s
There are some circumstances where this has a useful effect (the
malware or spammer gives up and goes away voluntarily, whereas a
genuine MTA would hang on for at least a couple of minutes - maybe
even for the 5 minutes suggested in the RFC). But what those
circumstances are, isn't really relevant to this thread, and anyway
they change with time, so I'll stop rambling on...
