Heho,

I just started to see some DoS issue on my OpenSMTPd with table-mysql as the backend. Specifically, my server ran into the user lookup process eating a full core and torturing the mysql server after some funny brute-force attempts came in. (writeup with graphs here: https://doing-stupid-things.as59645.net/mail/opensmtpd/mysql/2022/08/30/receiving-an-email.html)

After some amateur debugging on my side, it seems like the issue occurs if the mysql table is latin1 (happens if following defaults and table-mysql man) and something is shipped to opensmtpd which does not cleanly cast to latin1 (i.e., is not plain ascii), as opensmtpd speaks UTF8 with mysql (again, my amateur analysis). The query then fails/mysql kills the connection, and table-mysql retries the connection with the same data leading to mysql... you get the idea, and this then happens at 350+ queries/s.

Would it make sense to have the db-table backends return a tempfailure (for lookups for domain/forward/deliver we'd probably not want to reject mail due to a DB failure) or error (auth etc.) if the same query fails like N (5 as default?) times in a row?

If this is not a clear-cut case of me having held it wrong, I can also try to replicate this in a test-setup to which I can give other people access (not a coder, so no patches from me :-/).

With best regards,
Tobias
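The bounded-retry behaviour proposed in the message above, as an added sketch that is not part of the original post and is not table-mysql's code. All type and function names are hypothetical, and the stub backend that fails on every non-ASCII key is a constructed stand-in for the latin1 table.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not the table-mysql API. */
enum lookup_kind   { K_DOMAIN, K_FORWARD, K_DELIVER, K_AUTH };
enum lookup_result { R_FOUND, R_NOTFOUND, R_TEMPFAIL, R_ERROR };

#define MAX_CONSECUTIVE_FAILURES 5   /* the "N" suggested in the message */

/* Backend callback: 1 = row found, 0 = no row, -1 = query failed or connection dropped. */
typedef int (*query_fn)(const char *key, void *ctx);

/* Constructed stub backend: counts calls and can fail transiently a few times. */
struct stub_db { int calls; int transient_failures; };

static int stub_query(const char *key, void *ctx)
{
    struct stub_db *db = ctx;
    const unsigned char *p;

    db->calls++;
    for (p = (const unsigned char *)key; *p; p++)
        if (*p > 0x7f)
            return -1;               /* non-ASCII key: fails on every attempt */
    if (db->transient_failures > 0) {
        db->transient_failures--;
        return -1;                   /* e.g. a short database restart */
    }
    return strcmp(key, "tobias") == 0;
}

/* Retry the same key at most N times, then give up instead of looping forever. */
enum lookup_result bounded_lookup(enum lookup_kind kind, const char *key,
                                  query_fn query, void *ctx)
{
    int attempt, r;

    for (attempt = 0; attempt < MAX_CONSECUTIVE_FAILURES; attempt++) {
        r = query(key, ctx);         /* real code would reconnect before retrying */
        if (r >= 0)
            return r ? R_FOUND : R_NOTFOUND;
    }
    /* auth fails closed; domain/forward/deliver defer the mail rather than reject it */
    return kind == K_AUTH ? R_ERROR : R_TEMPFAIL;
}

int main(void)
{
    struct stub_db db = { 0, 0 };
    enum lookup_result res = bounded_lookup(K_AUTH, "t\xc3\xb6" "bias", stub_query, &db);

    printf("result=%d after %d queries\n", (int)res, db.calls);
    return 0;
}
```

With the cap in place, a key that can never succeed costs five queries per lookup rather than an unbounded reconnect loop.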
