I added the following entry to the wip.html file on the Postfix website.

	Wietse
Trickle attack defense

Trickle attacks are old, but have received attention recently in the context of web servers. The idea is that an attacker sends a request slowly, for example, one byte at a time. Since many servers implement per-read time limits, instead of per-transaction time limits, an attacker can keep a connection busy for a very long time. Namely, the maximum number of seconds before a read operation times out, multiplied by the maximum number of bytes per transaction, multiplied by the maximum number of transactions.

The postscreen daemon, available with Postfix 2.8 and later, already implements time limits to receive one complete SMTP command line. Postscreen uses a default time limit of 300s for RFC compliance, but it will switch to a 10s limit under overload conditions. Postscreen never receives mail, so this is a complete solution.

The rest of Postfix still uses per-read time limits, instead of per-line time limits. Support for per-line time limits is currently tested in Postfix 2.9. This solves most of the problem; it limits the time to receive one complete SMTP command line, but it does not yet limit the total amount of time to receive the content of an email message. Instead, use the existing spam blocking mechanisms to reject mail before the SMTP "DATA" command.

Once the code has proven itself it will be made available with Postfix 2.8.1. Optional patches may be made available for earlier Postfix releases.

The whole thing is implemented in very little code in the lowest-layer Postfix routines. With per-line time limits, Postfix behaves exactly in the same way as before, except when someone trickles the bytes.
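To make the per-read versus per-line distinction concrete, here is an added simulation (not Postfix code, and not part of the wip.html entry): a constructed peer delivers one byte per read, each arriving just under the timeout, and a simulated clock measures how long each reading strategy holds the connection for one SMTP command line. The 300s limit and the sample HELO line are constructed values.

```python
# Trickle-attack simulation: per-read timeout versus per-line deadline.
# Simulated clock, no sockets and no sleeping. All values are constructed.

class SimClock:
    def __init__(self):
        self.now = 0.0  # seconds of simulated time


class TricklePeer:
    """Constructed peer that returns one byte per read, each byte arriving
    `delay` seconds after the read started (tuned to sit just under the
    per-read timeout, which is the trickle attacker's strategy)."""

    def __init__(self, data, delay, clock):
        self.data, self.delay, self.clock, self.pos = data, delay, clock, 0

    def read_byte(self, timeout):
        if self.delay > timeout:
            self.clock.now += timeout       # reader waited its whole budget
            raise TimeoutError("read timed out")
        self.clock.now += self.delay
        if self.pos >= len(self.data):
            return b""                        # peer closed the connection
        byte = self.data[self.pos:self.pos + 1]
        self.pos += 1
        return byte


def read_line_per_read(peer, read_timeout, max_len=512):
    """Old behaviour: the timer restarts on every read() call, so a line of
    N bytes can take up to N * read_timeout seconds to arrive."""
    buf = bytearray()
    while len(buf) < max_len:
        byte = peer.read_byte(read_timeout)
        if not byte:
            raise ConnectionError("peer closed")
        buf += byte
        if buf.endswith(b"\n"):
            return bytes(buf)
    raise ValueError("line too long")


def read_line_per_line(peer, line_timeout, max_len=512):
    """New behaviour: one deadline covers the whole command line; each read
    is given only the time that remains in that budget."""
    deadline = peer.clock.now + line_timeout
    buf = bytearray()
    while len(buf) < max_len:
        remaining = deadline - peer.clock.now
        if remaining <= 0:
            raise TimeoutError("line deadline expired")
        byte = peer.read_byte(remaining)
        if not byte:
            raise ConnectionError("peer closed")
        buf += byte
        if buf.endswith(b"\n"):
            return bytes(buf)
    raise ValueError("line too long")


def simulate(reader, timeout, delay, data=b"HELO example.invalid\r\n"):
    """Run one reader against a trickling peer; returns (outcome, seconds held)."""
    clock = SimClock()
    peer = TricklePeer(data, delay, clock)
    try:
        reader(peer, timeout)
        outcome = "ok"
    except TimeoutError:
        outcome = "timeout"
    return outcome, clock.now
```

With a 300s limit and a 22-byte HELO line trickled at 299s per byte, the per-read reader stays busy for 6578s, while the per-line reader gives up after 300s; a normal client sending a byte per second is unaffected by either.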