From: Alexander W. <for...@fo...> - 2008-12-29 18:39:08
|
Henrik K schrieb am Monday, den 29. December 2008: > On Mon, Dec 29, 2008 at 06:54:52PM +0100, Alexander Wirt wrote: > > > Using amavisd-milter is much better option, you can control concurrent > > > process amount and socket queue. No limiting then needed for postfix > > > processes, you can do do cheap rejects before amavisd (unknown users, > > > helo/rbl etc). > > > > > > Of course you do have to know something about your average traffic and > > > hardware limits. But nothing wrong about running pre-queue scanning. > > > > Sure. But about doing full bloated SA and Virusscanning in pre-queue. You can > > do wonderful denial of service attacks with such mail systems :). > > What do you think happens when after-queue scanner is flooded with millions > of DoS mails? It will start crawling just the same. Only difference is where > your mail is jammed, your disk or sending mail servers. > > :):) Ehm no. I can decide to stuff with the mail, do some priorisation. But I have the mail. Which is a big difference to "the mail is lost in somebody else queue". > > > Do cheap things at pre-queue time (header checks, helo...) and the bloated, > > expensive things after queue. > > Only if you are seriously underpowered. No. At least not from my experience as a mail administrator. Alex |