From: Wietse Venema (no email)
Date: Mon Sep 03 2007 - 12:41:38 EDT
Victor Duchovni:
>
> Some email administrators report success with disconnecting on the first
> 5XX response as a default policy, and report no negative consequences,
BTW, the Postfix smtpd_hard_error_limit error is a hard limit on
the number of [45]xx responses. It is NOT a limit on the number of
hard error responses.
> but this is clearly a bit dicey, as multi-recipient messages with at
> least one bad recipient have to be deferred by the sender unless the
> sending software has another MX host to try.
>
> I would not endorse this strategy under normal conditions, but it may
> be a reasonable stress response? Yes it violates RFC (2)821. Is such
> violation justified? Would this be solving the right problem?
You are talking here about the RESPONSE to a stress situation. I
would do whatever works. When my server is flooded with backscatter
I use smtpd_hard_error_limit=1 and smtpd_timeout=5s.
At this point the choice is between getting no legitimate mail or
getting some legitimate email, and RFCs become merely an academic
curiosity.
> What is the dynamic behaviour of the stress flag:
>
> - low-water mark?
> - hold-down time?
> - other?
This is entirely independent from the RESPONSE to a stress situation.
For people with legacy Postfix releases it would be irresponsible
to force them to adopt complex modifications to the all-important
master daemon.
> It may be a shame if the stress flag oscilates on and off all day...
> How do we detect that it needs to be on for a prolonged time, and how
> do we detect that it is appropriate to turn it off?
Initially, a simple form of pulse stretching (don't change the
stress level until the load has dropped for some 15 minutes).
High-low watermark solutions alone are too jittery, and moreover
they are too complex for legacy Postfix releases.
Wietse
|
|
|