I added the following entry to the wip.html file on the Postfix website.

        Wietse

Trickle attack defense

Trickle attacks are old, but have received attention recently in
the context of web servers. The idea is that an attacker sends a
request slowly, for example, one byte at a time. Since many servers
implement per-read time limits, instead of per-transaction time
limits, an attacker can keep a connection busy for a very long
time: namely, the maximum number of seconds before a read operation
times out, multiplied by the maximum number of bytes per transaction,
multiplied by the maximum number of transactions.

The postscreen daemon, available with Postfix 2.8 and later, already
implements time limits to receive one complete SMTP command line.
Postscreen uses a default time limit of 300s for RFC compliance,
but it will switch to a 10s limit under overload conditions.
Postscreen never receives mail, so this is a complete solution.

The rest of Postfix still uses per-read time limits, instead of
per-line time limits. Support for per-line time limits is currently
being tested in Postfix 2.9. This solves most of the problem; it limits
the time to receive one complete SMTP command line, but it does
not yet limit the total amount of time to receive the content of
an email message. Instead, use the existing spam blocking mechanisms
to reject mail before the SMTP "DATA" command.

Once the code has proven itself it will be made available with
Postfix 2.8.1. Optional patches may be made available for earlier
Postfix releases. The whole thing is implemented in very little
code in the lowest-layer Postfix routines. With per-line time
limits, Postfix behaves exactly in the same way as before, except
when someone trickles the bytes.
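
The difference between a per-read and a per-line time limit, as an added example that is not part of the original post and is not Postfix code. The names read_line, trickle_demo and now_ms, the return codes and the timings are assumptions made for this sketch; the sender is a constructed child process that writes one byte at a time.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static long now_ms(void) {      /* monotonic, immune to wall-clock steps */
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Read one '\n'-terminated line; read_ms bounds each wait, line_ms (0 = off)
 * bounds the whole line. Returns length, -1 on timeout, -2 on EOF or error. */
int read_line(int fd, char *buf, int size, int read_ms, int line_ms) {
    long deadline = now_ms() + line_ms;
    for (int len = 0; len < size - 1; ) {
        int wait = read_ms;
        if (line_ms > 0) {
            long left = deadline - now_ms();
            if (left <= 0) return -1;           /* per-line budget spent */
            if (left < wait) wait = (int) left; /* never wait past the deadline */
        }
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, wait);
        if (r == 0) return -1;                  /* nothing arrived in time */
        if (r < 0) { if (errno == EINTR) continue; return -2; }
        if (read(fd, buf + len, 1) != 1) return -2;
        if (buf[len++] == '\n') { buf[len] = '\0'; return len; }
    }
    return -2;                                  /* line too long for buf */
}

/* Constructed sender: a child writes "HELO x\n" one byte every gap_ms. */
int trickle_demo(int gap_ms, int read_ms, int line_ms) {
    int fds[2]; pid_t pid; char buf[64]; const char *cmd = "HELO x\n";
    if (pipe(fds) != 0 || (pid = fork()) < 0) return -2;
    if (pid == 0) {
        for (const char *c = cmd; *c; c++) {
            poll(NULL, 0, gap_ms);              /* sleep between bytes */
            if (write(fds[1], c, 1) != 1) break;
        }
        _exit(0);
    }
    close(fds[1]);
    int rc = read_line(fds[0], buf, sizeof buf, read_ms, line_ms);
    close(fds[0]); waitpid(pid, NULL, 0);
    return rc;
}
```

With only the per-read limit, each trickled byte resets the wait and the slow line is accepted; with a per-line limit the same sender is cut off, while a sender that delivers the line promptly sees no change.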
