Quoting "David F. Skoll" <[EMAIL PROTECTED]> Date: Thu, 11 Nov 2004 17:06:13
> On Thu, 11 Nov 2004, Greg Miller wrote: > > > During my investigations I noticed that many of my sendmail processes > > hang around for quite some time, presumably because the host on the > > other end is slow. I stumbled across a recommendation that the sendmail > > default timeouts be tuned as follows: Anyone else doing this? > > Some of those numbers are way too short. In particular, a confTO_DATAFINAL > of 5 minutes is definitely too low. RFC 2821 says that one SHOULD be > at least 10 minutes, and I would be conservative and make it 30 minutes. I'd leave that one at Sendmail's default one hour. Setting it too low may result in bandwith waste and multiple copies of email delivered. I've saw ClamAV + MIMEDefang taking some 10-15 minutes to complete when scanning emails with huge compressed attachments (on reasonably fast machine). If receiving side has some more milters, or is simply overloaded because it got several large emails to process at the same time, it could easilly take even longer. If somebody is going to DOS you, even timeout set to as short as one minute would be more than enough to allow for DOS attack. And you would need to be the one connecting to attacker's server (that's what this timeout controls). So really there's no point in lowering this. If you already transferred the email, give the other side as much time as it needs to do whatever it needs to do before accepting that email. -- Aleksandar Milivojevic <[EMAIL PROTECTED]> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7 _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
