[exim] Re: smtp_accept_max & DDoS

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Andrew C Aitchison
Datum:  
To: Slavko
CC: exim-users
Betreff: [exim] Re: smtp_accept_max & DDoS
On Sat, 13 May 2023, Slavko via Exim-users wrote:

> Dňa 13. mája 2023 8:50:26 UTC používateľ Cyborg via Exim-users <exim-users@???> napísal:
>
>> I suggest to choose your timeout for the kill wisely, as some servers send a big chunk of data slow as hell, but a reasonable amount would be 30s.
>
> As i have separate MSA, would not be more easy to setup
> that timeout right in exim? Will not this have the same effect?...


I don't think we can do the kill from within exim.
We may be able to get exim to fork a process that waits and then kills the 
stuck process, but once it it stuck a process cannot kill itself.

If we can reduce
     smtp_receive_timeout
in the auth acl and increase it again in the data acl,
will that stop the process getting stuck ?

I would still like to know where the delay is actually happening;
currently I guess it is somewhere in the authentication.
In the simplest case the username and credentials (password)
are included in the request and the data is local, so there is no
potential for delay and hence no timeout option for authentication
(that I can find), but challenge-response and using the dovecot 
authenticator both introduce conversations which could cause delays
and require timeouts.
Are you using the dovecot authenticator ?

-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/