[index] [text page] [<<start] [<prev] [next>] [last>>]
Page 73: Scanning early
Some institutions have looked at (or are using) exiscan. This slide
is about why we aren't.
If the connection is broken between dot and 250 then the messge may
get duplicated. This sometimes happens when delivering broken email
to flaky servers.
Content filtering is expensive, so it increases the time between dot
and 250 -- however, this is a relatively minor problem.
Exim has some configuration options to protect it from overload
attacks, but these assume that message reception is cheaper than
delivery (which would not be the case on ppsw with exiscan).
With SMTP-time scanning the only way of protecting against overload
is to reject any new connections, which means that if the server is
under attack your average user won't be able to send email at all.
You have to set the load limits only a little above what the machine
can cope with or it bogs down horribly. Because email doesn't arrive
at a smooth rate, you have to spec the machine to be able to deal
with sudden bursts of email rather than with the average peak rate.
Generated by MagicPoint