[IRCServices] Email forwarding

Andrew Church achurch at achurch.org
Mon Jan 22 22:02:04 PST 2001


>>      That's my point.  _Something_ will choke, be it sendmail, the system
>> (too many processes), or Services SENDPASS (MTA refuses messages due to
>> load). Switching MTAs just moves the problem around.
>
>You're assuming sendmail isn't correctly configured...
>Configure it properly and it shouldn't choke.
>I won't go into details about how you're a VERY bad
>sys admin if this isn't set. :-)
>In sendmail.cf:
>MaxDaemonChildren=limit
>make sure that limit is set and reasonable.

     BZZT, nice try, neeext!

     That has nothing to do with it; in fact, that can even exacerbate
the problem.  The problem is that every single one of those mails will
cause sendmail (or whatever) to sit around several minutes waiting for
a DNS reply that won't come back.  Unless your MTA is smart enough to
send more recently queued messages later, this means any _other_ mail
in the system will be delayed minutes, hours or more while the MTA
chugs through all the bogus mail; and in any case, the disk space used
by the messages is gone, and the CPU needed to process them will be
taken out every time the MTA goes through the queue--and this can come
to a considerable amount in the face of a concerted attack.

>About services choking, I think the original idea of having a
>separate process run via cron say every hour is a better idea.
>That way, services don't choke.

     That has nothing to do with the problem; see above.

>Nothing is bullet proof, but everything is manageable.

     Yes, of course if you configure and tweak everything just right
it'll all be happy.  I'm just saying the proposed idea isn't the best
way to do things.  There's a reason that I haven't implemented E-mail
functions before, and it's because THINGS AREN'T THAT SIMPLE.  This
simple method may actually work just fine for you and your small
network, but I don't have the luxury of just worrying about one small
network; I have to make sure Services runs--and doesn't cause
problems--for everyone that uses it, and there are some pretty damn
big networks out there.

     If you want to patch Services to do things this way, fine.
I won't support it.  (But I do have E-mail functions on the list of
features to be added for 5.0.)

  --Andrew Church
    achurch at achurch.org | New address - please note.
    http://achurch.org/ | My e-mail address has changed.