On 2/04/19 13:21, Wietse Venema wrote:
> Probably better to not allow a limit-less smtp_mx_address_limit,
> as it makes Postfix vulnerable to resource exhaustion attack.
>
> Wietse
>
Fair enough, but then the docs for smtp_mx_address_limit ought to be
changed to remove the "or zero (no limit)" at the end.
I'd also suggest an explicit warning in case it is still set to zero,
instead of the rather misleading (and inaccurate) "server unavailable or
unable to receive mail" for any MX with both A and AAAA records.
On the same topic: what if smtp_mx_address_limit was simply made to
apply for each family separately? E.g. the default of 5 would mean: keep
max 5 IPv6 addresses _and_ max 5 IPv4's ?
That would a) eliminate the need for balancing the mix, b) simplify the
code, and c) allow the client to honor the smtp_address_preference
setting in a safe way.
Separate limit parameters for each family would also do the job, but
that would probably be overkill.
Luc
