Teodor Milkov wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 18.03.2010 18:05, Eric Shubert wrote: >> The idle-timeout-secs setting is 0 by default, which defeats the >> setting. This leaves the server vulnerable to a DoS, per trog in a >> recent post. >> >> The use of this settings is thus highly recommended, and we feel that >> the default should be something other than 0 (iow, enabled). I think 300 >> is a reasonable default (although not necessarily optimal). >> >> I'm sure Sam had reason to choose 0 as a default, but I can't imagine >> what that would have been, other than not being able to determine what >> an appropriate default value would be. Sam? >> >> Does anyone have any thoughts on this that they'd like to share? > > > I think, that spamdyke is properly detecting the shutdown of qmail-smtpd > pipe, so if spamdyke is not totally stuck (like in the TLS case) it > would close when qmail-smtpd times out. qmail-smtpd's default timeout is > 1200 seconds. That's based on what I recall from several months ago, so > it better be taken with a grain of salt.
This reminds me of something I noticed while investigating the TLS blocking problem. I did notice that occasionally a defunct qmail-spamd and it's parent spamdyke would terminate on their own, 18-19 minutes after spamdyke issued its TIMEOUT message. Perhaps in these cases qmail-smtpd's timeout kicked in and caused them to clean themselves up. This appeared to be fairly infrequent, as maybe 20% or so of the defunct processes did this. FWIW. -- -Eric 'shubes' _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
