On 3 Jun 2004, at 21:27, James Craig Burley wrote:
A spammer uses a large number of zombie machines to inject emails into your system. Each email is forged such that your system has to continuously perform SPF lookups for nonexistent or irrelevant domain names. The spammer thus attacks your DNS cache and/or lookup latencies.
This shows a major misunderstanding of how the process works. A DNS lookup is practically zero cost. You fire off a query and then you wait until the response comes back. Meanwhile your processor can do other things - it's not doing anything during that "wait".
Now there is a minor issue with the design of qpsmtpd in that it forks, so there is a potential for too many processes running, causing load averages to rise, but that's a rather major DOS attack occurring just to achieve that situation, and it exists in almost every major SMTP server that's doing any kind of lookups.
Matt.
