Timeout settings (was Re: [Mimedefang] tmpfs on Linux)

Aleksandar Milivojevic amilivojevic at pbl.ca
Thu Nov 11 19:16:20 EST 2004


Quoting "David F. Skoll" <dfs at roaringpenguin.com>
Date: Thu, 11 Nov 2004 17:06:13

> On Thu, 11 Nov 2004, Greg Miller wrote:
> 
> > During my investigations I noticed that many of my sendmail processes
> > hang around for quite some time, presumably because the host on the
> > other end is slow. I stumbled across a recommendation that the sendmail
> > default timeouts be tuned as follows: Anyone else doing this?
> 
> Some of those numbers are way too short.  In particular, a confTO_DATAFINAL
> of 5 minutes is definitely too low.  RFC 2821 says that one SHOULD be
> at least 10 minutes, and I would be conservative and make it 30 minutes.

I'd leave that one at Sendmail's default one hour.  Setting it too low may
result in bandwidth waste and multiple copies of email delivered.  I've seen
ClamAV + MIMEDefang taking some 10-15 minutes to complete when scanning emails
with huge compressed attachments (on a reasonably fast machine).  If the receiving
side has some more milters, or is simply overloaded because it got several large
emails to process at the same time, it could easily take even longer.

If somebody is going to DoS you, even a timeout set to as short as one minute
would be more than enough to allow for a DoS attack.  And you would need to be the
one connecting to the attacker's server (that's what this timeout controls).  So
really there's no point in lowering this.  If you already transferred the email,
give the other side as much time as it needs to do whatever it needs to do
before accepting that email.

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
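
Added example, not part of the original message and not Sendmail or MIMEDefang code: a Python check that reads sendmail.cf text and flags a Timeout.datafinal (the cf-file name of confTO_DATAFINAL) below the 10-minute RFC 2821 figure or below the one-hour Sendmail default discussed above. The sample cf lines are constructed; treating a bare number as minutes and letting a later option line override an earlier one are assumptions.

```python
import re

# Sendmail interval suffixes, in seconds.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
RFC2821_DATAFINAL_MIN = 600   # the 10-minute SHOULD quoted in the thread
SENDMAIL_DEFAULT = 3600       # Sendmail's one-hour default, per the reply

# Constructed sample inputs (not taken from any real host).
SAMPLE_TUNED = "O Timeout.datafinal=5m\n"
SAMPLE_STOCK = "#O Timeout.datafinal=1h\n"   # commented out: default applies
SAMPLE_MIDDLE = "O Timeout.datafinal=30m\n"


def parse_interval(text, default_unit="m"):
    """Convert an interval such as '5m', '1h30m' or '30' to seconds.
    Assumption: a bare number is counted in minutes."""
    text = text.strip()
    parts = re.findall(r"(\d+)([smhdw]?)", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unparseable interval: {text!r}")
    return sum(int(n) * UNITS[u or default_unit] for n, u in parts)


def audit_datafinal(cf_text):
    """Return (seconds, verdict) for Timeout.datafinal in sendmail.cf text."""
    seconds = SENDMAIL_DEFAULT
    for line in cf_text.splitlines():
        # Active option lines start with 'O'; '#O ...' lines are comments.
        m = re.match(r"O\s+(?i:Timeout\.datafinal)\s*=\s*(\S+)", line)
        if m:
            seconds = parse_interval(m.group(1))  # assumed: later line wins
    if seconds < RFC2821_DATAFINAL_MIN:
        verdict = "too-short"        # risks re-sends and duplicate deliveries
    elif seconds < SENDMAIL_DEFAULT:
        verdict = "below-default"
    else:
        verdict = "ok"
    return seconds, verdict


if __name__ == "__main__":
    for name, cf in [("tuned", SAMPLE_TUNED), ("stock", SAMPLE_STOCK),
                     ("middle", SAMPLE_MIDDLE)]:
        print(name, audit_datafinal(cf))
```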




