Wietse Venema wrote:
Something that will drastically cut the time per session:
smtpd_timeout = ${stress?10s}${stress:300s}
I would be concerned about sites that are chronically short of
smtpd processes with an inexperienced or inattentive admin.
Maybe 20s~30s rather than 10s. That's still 10x or more
better performance under stress, and 30s has been shown to be
safe for everyday use.
smtpd_hard_error_limit = ${stress?2}${stress:20}
Yes. Or stress?1. Whatever...
Suppose we have two settings, one for the DATA stage where we have
valid recipients, and one for the non-DATA stages.
Then, the default settings would look like this:
smtpd_timeout = ${stress?10s}${stress:300s}
smtpd_data_timeout = $smtpd_timeout
$smtpd_non_data_timeout = $smtpd_timeout
This sounds appealing, but I don't have the information to
know if different timeouts would make much real-world difference.
Victor Duchovni wrote:
> I guess disabling reverse DNS lookups under stress is too
drastic. It
> would certainly not help folks with
"reject_unknown_client", even if
> implemented correctly as a "transient" (due to stress)
lookup failure.
Too many people rely on name-based whitelists and blacklists.
Such behavior would be quite surprising for an
out-of-the-box install. but I think you know that already.
--
Noel Jones
