On Tue, Apr 22, 2014 at 05:37:01PM +0300, Kim B. Heino wrote:

> > Instead of a per-domain quota, would it not be sufficient to impose
> > a global limit on the total number of pending verify requests for
> > information that is not already cached? Then use something like
> > "random drop" to keep the number within bounds.
>
> We have lots of different clients where we forward mail to. One global
> limit doesn't work: DDoS'ing one single client would affect all
> clients.
You probably need both a per-domain limit and a larger global limit. RED
would be applied per-domain once the domain's limit is exceeded, and
globally once the global limit is exceeded.

Clients that don't process verify probes in a timely manner (tarpit your
system's probe messages) and thus contribute to DoS of your system should
be asked to provide you with a static user list, or use another provider.

You should use a separate transport for verify probes with a generous
process limit.

-- 
	Viktor.
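The two-level policy described in the reply above, as an added illustration that is not code from this thread, from Viktor, or from Postfix itself: a limiter that tracks pending (not yet cached) verify probes per recipient domain and in total, and applies a RED-style random drop once a per-domain limit is exceeded and again once the larger global limit is exceeded. The soft/hard thresholds, the linear drop curve between them, the address-to-domain split and the in-flight deduplication are assumptions of this example; the random source is injectable so the behaviour can be checked deterministically.

```python
# Added example: per-domain plus global RED-style limiter for pending
# address-verification probes. Not from the postfix-users thread or Postfix.
import random
from dataclasses import dataclass, field
from typing import Callable, Dict, Set

ADMITTED, DROPPED, CACHED, INFLIGHT = "admitted", "dropped", "cached", "inflight"


def drop_probability(pending: int, soft: int, hard: int) -> float:
    """RED-style curve (assumed shape): 0 below the soft limit, rising
    linearly to 1 at the hard limit, so load is shed gradually rather
    than by a cliff."""
    if pending < soft:
        return 0.0
    if pending >= hard:
        return 1.0
    return (pending - soft) / (hard - soft)


@dataclass
class ProbeLimiter:
    domain_soft: int
    domain_hard: int
    global_soft: int        # should be larger than any single domain's hard limit
    global_hard: int
    rng: Callable[[], float] = random.random          # injectable for tests
    pending_by_domain: Dict[str, int] = field(default_factory=dict)
    pending_total: int = 0
    in_flight: Set[str] = field(default_factory=set)  # addresses being probed now
    cache: Dict[str, bool] = field(default_factory=dict)  # address -> deliverable?

    @staticmethod
    def _domain(address: str) -> str:
        return address.rsplit("@", 1)[-1].lower()

    def request(self, address: str) -> str:
        """Decide whether a verify request for `address` gets a probe."""
        if address in self.cache:
            return CACHED        # cached answers never cost a probe
        if address in self.in_flight:
            return INFLIGHT      # one probe per address at a time
        domain = self._domain(address)
        pending = self.pending_by_domain.get(domain, 0)
        # Per-domain RED first: a client that tarpits our probes fills only
        # its own bucket, so other domains keep getting verified.
        if self.rng() < drop_probability(pending, self.domain_soft, self.domain_hard):
            return DROPPED
        # Then the larger global RED protects the probe transport as a whole.
        if self.rng() < drop_probability(self.pending_total, self.global_soft, self.global_hard):
            return DROPPED
        self.pending_by_domain[domain] = pending + 1
        self.pending_total += 1
        self.in_flight.add(address)
        return ADMITTED

    def complete(self, address: str, deliverable: bool) -> None:
        """Record the probe result and release the slot the probe held."""
        self.cache[address] = deliverable
        if address in self.in_flight:
            self.in_flight.remove(address)
            self.pending_by_domain[self._domain(address)] -= 1
            self.pending_total -= 1


if __name__ == "__main__":
    # Constructed scenario: one domain never answers its probes.
    lim = ProbeLimiter(domain_soft=4, domain_hard=8, global_soft=20, global_hard=24)
    for i in range(12):
        print("slow.example", i, lim.request(f"user{i}@slow.example"))
    print("other.example", lim.request("alice@other.example"))
```

Completing a probe releases the slot and caches the answer, so a healthy domain cycles through its bucket while a tarpitting one stays pinned at its own hard limit without touching the global budget others depend on. In Postfix the separate probe transport Viktor recommends is selected with address_verify_default_transport (and the related address_verify_*_transport parameters) and given its own master.cf entry, where the maxproc column sets the process limit.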