> However, you are looking for a solution BEFORE the mail queue, > that stops the verify daemon from sending probes.
Yes, exactly. > Instead of per-domain quota, would not it be sufficient to impose > a global limit on the total number of pending verify requests for > information that is not already cached? Then use something like > "random drop" to keep the number within bounds. We have lot of different clients where we forward mail to. One global limit doesn't work: DDoS'ing one single client would affect all clients.
