Quoting Philip Reynolds (philip.reynolds at rfc-networks.ie):
> 1) Providing this kind of functionality at SMTP level with Postfix
> means leaving your server far more susceptible to DoS attack.
If it were not the case that the overwhelming majority of junkmail fails
other checks _before_ SA processing (such as the callbacks and DNSBLs),
you would have a good point.
I was worried about exactly that, when I first deployed sa-exim.
However, my system load actually went way _down_ rather than up, which
seemed like a pleasant surprise. As I said, the proof's in the pudding.
> Under normal circumstances, Postfix simply accepts the mail and
> stores it in the queue. Processing is done *AFTER* postfix has
> safely accepted the mail, written to disk and the remote client has
> safely disconnected. This is the most common way it is done, because
> it is the proper way to do it.
That has the unfortunate disadvantage that you cannot any longer reject
rather than bounce, and cannot perform other real-time processing that
inherently can only be performed (or only usefully performed) during the
SMTP converation.
--
Cheers, The cynics among us might say: "We laugh,
Rick Moen monkeyboys -- Linux IS the mainstream UNIX now!
rick at linuxmafia.com MuaHaHaHa!" but that would be rude. -- Jim Dennis
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
