On Mon, Dec 29, 2008 at 07:39:00PM +0100, Alexander Wirt wrote: > Henrik K schrieb am Monday, den 29. December 2008: > > > On Mon, Dec 29, 2008 at 06:54:52PM +0100, Alexander Wirt wrote: > > > > Using amavisd-milter is much better option, you can control concurrent > > > > process amount and socket queue. No limiting then needed for postfix > > > > processes, you can do do cheap rejects before amavisd (unknown users, > > > > helo/rbl etc). > > > > > > > > Of course you do have to know something about your average traffic and > > > > hardware limits. But nothing wrong about running pre-queue scanning. > > > > > > Sure. But about doing full bloated SA and Virusscanning in pre-queue. You > > > can > > > do wonderful denial of service attacks with such mail systems :). > > > > What do you think happens when after-queue scanner is flooded with millions > > of DoS mails? It will start crawling just the same. Only difference is where > > your mail is jammed, your disk or sending mail servers. > > > > :):) > Ehm no. I can decide to stuff with the mail, do some priorisation. But I have > the mail. Which is a big difference to "the mail is lost in somebody else > queue".
That's a small plus. But if someone really wants to DoS you, your smtpd's are easily maxed out etc. No point making decisions on fear, if you don't have a real reason to be afraid (being attractive target). > > > > > Do cheap things at pre-queue time (header checks, helo...) and the > > > bloated, > > > expensive things after queue. > > > > Only if you are seriously underpowered. > No. At least not from my experience as a mail administrator. There are many scenarios where it fits and doesn't fit. I'm too lazy/busy right now to start getting to the pros and cons of all. It's pretty simple to figure out. Discussions can also be found from many mailing list archives.. ------------------------------------------------------------------------------ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
