On 11/02/2010 16:23, David Morton wrote:

On this system, not much. On the scale of about 6,000 messages a day.

Very light duty then. :)

Even if SpamAssassin isn't used during SMTP, there's nothing stopping
somebody who wants to DOS you from just setting their DOS tool to hold
open connections and spend lots of time waiting between issuing SMTP
commands... It could even go straight through to the DATA phase and send
a 10MB email at a speed of 1 byte per second.

True, though most MTAs have some defenses built for this, but waiting
to scan for spam by nature takes time, and so these defenses must be
lowered to allow it.

I don't think moving SpamAssassin to after the SMTP transaction has
finished would help prevent someone from performing a DOS.

If you *can* do SMTP time spam scanning, then that's the best place for it.

From experience with larger ISP settings, and some large enterprise
settings, it doesn't take a malicious attempt - normal traffic can be
bursty and bring a system to its knees.  From a practical standpoint,
it's just a whole lot easier to have the front line smtpd servers
swallow the email as fast as possible (some quick rbl or greylisting
aside) and then you can process in batches behind the lines.

It's scary when email starts piling up faster than all your scanners can
chew... but most admins I've met would prefer that to other mail servers
getting connection errors and possible bouncing or sending problem
reports back to the sender.

I must admit, I have seen this several times before. Looking at the logs on our servers at work we've rejected on average 151 emails per minute for the past week. We do SpamAssassin scanning during SMTP here as well and the vast majority of the time it's fine, but it does cause problems during spikes.

To me this just says that we don't have enough servers to deal with the spikes, but it happens infrequently enough that it's not worth investing. I still think SMTP time scanning is both practical and desirable.

--
Mike Cardwell    : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/       #06920226
Technical Blog   : Tech Blog  - https://secure.grepular.com/
Spamalyser       : Spam Tool  - http://spamalyser.com/
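
Added example, not part of the original thread: a small one-second-tick model of the trade-off discussed above, comparing scanning during SMTP with accepting first and scanning from a queue while a burst arrives. The worker count, scan time and arrival rates are constructed assumptions, and the model assumes one scanner per smtpd slot.

```python
# Added illustration (not from the thread): a 1-second-tick model of one mail host.
# All numbers are constructed; "workers" is an assumed per-host concurrency limit.

def simulate(arrivals, workers, scan_secs, scan_at_smtp_time):
    """Return refused connections, accepted messages and peak scan backlog.

    scan_at_smtp_time=True : each SMTP connection is held for scan_secs.
    scan_at_smtp_time=False: each connection is held for 1 second, the
                             message is queued, and `workers` scanners drain
                             the queue at scan_secs per message.
    """
    conns = []   # seconds remaining for each held SMTP connection
    scans = []   # seconds remaining for each running queued scan
    refused = accepted = backlog = peak_backlog = 0
    hold = scan_secs if scan_at_smtp_time else 1

    for n in arrivals:
        # Age existing work by one second and drop whatever has finished.
        conns = [r - 1 for r in conns if r > 1]
        scans = [r - 1 for r in scans if r > 1]

        for _ in range(n):
            if len(conns) < workers:
                conns.append(hold)
                accepted += 1
                if not scan_at_smtp_time:
                    backlog += 1
            else:
                refused += 1  # the sending server sees a connection error

        # Post-queue mode: start as many scans as there are idle scanners.
        while backlog and len(scans) < workers:
            scans.append(scan_secs)
            backlog -= 1
        peak_backlog = max(peak_backlog, backlog)

    return {"refused": refused, "accepted": accepted, "peak_backlog": peak_backlog}

# Constructed load: 3 msg/s baseline, a 5-second burst of 10 msg/s, then baseline.
ARRIVALS = [3] * 5 + [10] * 5 + [3] * 10

def compare(workers=10, scan_secs=2):
    return {
        "smtp_time": simulate(ARRIVALS, workers, scan_secs, True),
        "post_queue": simulate(ARRIVALS, workers, scan_secs, False),
    }

if __name__ == "__main__":
    for mode, result in compare().items():
        print(mode, result)
```

With these constructed numbers the same overload appears either as 23 refused connections (scanning during SMTP) or as a backlog that peaks at 23 queued messages (scanning after acceptance).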
