On 11/02/2010 15:49, David Morton wrote:
At SMTP time I return a 5xx code during the "DATA" phase for messages
classified as Spam. However, I also deliver the message into a read only
What kind of mail load do you service?
On this system, not much. On the scale of about 6,000 messages a day.
It takes a significant amount of
time for spamassassin to process a message, and holding the connection
open during that time can easily allow for a DoS by flooding your mail
server with connections. This is why amavisd* variants always accept
the mail and then process - it helps keep the incoming smtpd process
from jamming.
SpamAssassin seems to average about 5 seconds per message here. I have
other light weight checks which take place before spamassassin as well.
Even if SpamAssassin isn't used during SMTP, there's nothing stopping
somebody who wants to DOS you from just setting their DOS tool to hold
open connections and spend lots of time waiting between issuing SMTP
commands... It could even go straight through to the DATA phase and send
a 10MB email at a speed of 1 byte per second.
I don't think moving SpamAssassin to after the SMTP transaction has
finished would help prevent someone from performing a DOS.
If you *can* do SMTP time spam scanning, then that's the best place for it.
--
Mike Cardwell : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/
Spamalyser : Spam Tool - http://spamalyser.com/
