I don't have the exact statistics in hand, but about 3 years ago a server with ~10K mailboxes was hit constantly with requests, few connections per second.
Sendmail at that time was known for heavy forking, so people used mainly Postfix or Qmail as email front-end servers. I don't know how far Sendmail has improved since then, but I guess it's still forking on every SMTP request. Also in the old days, sendmail was re-reading its configuration after each fork. I hope it's not the case now :)

In regards to 5 seconds vs. 30, I honestly don't know. Let's wait till Martin reads these messages here :)

Even with 5 seconds delay, an average spam virus attack would blow the server easily if it has to fork on every incoming request. With the new Windows 7 coming up, you never know how vulnerable it's going to be to viruses :)

----- Original Message ----
> From: Chris Meidinger <cmeidin...@sendmail.com>
> To: Stanislav Sinyagin <ssinya...@yahoo.com>
> Cc: "swinog@lists.swinog.ch" <swinog@lists.swinog.ch>
> Sent: Mon, October 19, 2009 9:42:53 PM
> Subject: Re: [swinog] Greylisting
>
> On 19.10.2009, at 21:30, Stanislav Sinyagin wrote:
>
> > last April Martin Blapp has presented a nice concept at SwiNOG:
> >
> > instead of greylisting, the SMTP server delays the first OK response to HELO/EHLO
> > for 30 seconds. That is usually enough for the vast majority of spambots to give up.
> > Also if the client tries to send something before receiving the OK, the connection
> > is dropped immediately.
>
> That feature is in stock sendmail. It's called the greet_pause ruleset.
>
> FEATURE(`greet_pause', `5000') dnl 5 seconds
>
> causes the MTA to wait 5 seconds before greeting. You could also use 30000 to
> make it be 30 seconds, though usually 5 is plenty.
>
> Check http://www.sendmail.org/documentation/configurationReadme for a further
> description of how to implement.
>
> > I think there should be ways to do it outside of kernel, in userland, in a nice
> > and efficient way. But I never had the time to dig any deeper :)
> > The biggest challenge is to keep thousands of open TCP connections in the memory
> > and still have enough CPU power to process SMTP and deliver the mail.
>
> It's not that many thousands of connections. 30 seconds is pretty long, less
> usually works. The feature set basically loads the box with X extra seconds
> worth of connections, usually not actually thousands.
>
> Chris

_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
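
The greeting delay and early-talker drop discussed in this thread, handled in one userland process without a fork per connection. This is an added example, not code from the thread or from sendmail: it uses Python's asyncio over in-memory socket pairs, and `greet`, `simulate`, `hold_many`, the banner hostname, the client labels and the 0.2-second pause are all constructed for the demonstration.

```python
import asyncio
import socket
import time

BANNER = b"220 mx.example.test ESMTP\r\n"   # constructed hostname

async def greet(reader, writer, pause):
    """Hold the 220 banner for `pause` seconds; drop clients that talk first."""
    try:
        early = await asyncio.wait_for(reader.read(1), timeout=pause)
    except asyncio.TimeoutError:
        writer.write(BANNER)            # client stayed silent: greet it
        await writer.drain()
        return "greeted"
    writer.close()                      # bytes or EOF arrived before the banner
    return "early-talker" if early else "gave-up"

async def simulate(client, pause):
    """Run greet() against one constructed client over an in-memory socketpair."""
    srv, cli = socket.socketpair()
    reader, writer = await asyncio.open_connection(sock=srv)
    if client == "bot":
        cli.send(b"EHLO bot\r\n")       # sends before waiting for the 220
    elif client == "impatient":
        cli.close()                     # hangs up during the pause
    verdict = await greet(reader, writer, pause)
    writer.close()
    cli.close()
    return verdict

async def hold_many(n, pause):
    """Hold n silent clients at once in one process; return (verdicts, seconds)."""
    start = time.monotonic()
    verdicts = await asyncio.gather(*(simulate("mta", pause) for _ in range(n)))
    return verdicts, time.monotonic() - start

def demo(pause=0.2, n=100):
    async def main():
        singles = [await simulate(c, pause) for c in ("mta", "bot", "impatient")]
        return singles, await hold_many(n, pause)
    return asyncio.run(main())

if __name__ == "__main__":
    print(demo())
```

The 100 held connections finish in roughly one pause interval rather than 100 of them, because each waiting connection costs a timer and a file descriptor instead of a process.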