On Mon, 12 Apr 1999, Timothy L. Mayo wrote:
> Only if they are silly enough to accept more connections than they can
> handle. :) One of the things a sys admin is "supposed" to do is tune his
> machines for performance. If you cannot limit the number of connections
> you will accept to something your system can handle, you need to re-think
> your setup.
Erm... you just described a classic DoS attack. You put a limit of x
connections in. One remote system uses all or nearly all of them. No one
else can connect. You can hack whatever sorts of other "oh, limit one
remote IP to only so many, do this, do that" hacks on top of that you
want, and some of them are actually quite useful, but it doesn't change
the fact that the root problem is qmail's rudeness in this area.
As someone using qmail (for various reasons...), I can't control every
other system in the world, and even if I could, simple math still says
that a remote machine only has so many resources so trying to make it do
too many things at once is counterproductive and just eats up time in
qmail-remotes, which is a limited resource in qmail.
