I don't have the exact statistics in hand, but about 3 years ago a server with ~10K mailboxes was hit constantly with requests, a few connections per second.
Sendmail at that time was known for heavy forking, so people used mainly Postfix or Qmail as email front-end servers. I don't know how much Sendmail has improved since then, but I guess it still forks on every SMTP request. Also, in the old days sendmail re-read its configuration after each fork. I hope that's not the case now :)
In regards to 5 seconds vs. 30, I honestly don't know. Let's wait till Martin reads these messages here :)
Even with a 5 second delay, an average spam virus attack would blow the server easily if it has to fork on every incoming request. With the new Windows 7 coming up, you never know how vulnerable it's going to be to viruses :)
----- Original Message ----
From: Chris Meidinger <cmeidinger@sendmail.com>
To: Stanislav Sinyagin <ssinyagin@yahoo.com>
Cc: "swinog@lists.swinog.ch" <swinog@lists.swinog.ch>
Sent: Mon, October 19, 2009 9:42:53 PM
Subject: Re: [swinog] Greylisting
On 19.10.2009, at 21:30, Stanislav Sinyagin wrote:
> Last April Martin Blapp presented a nice concept at SwiNOG: instead of greylisting, the SMTP server delays the first OK response to HELO/EHLO for 30 seconds. That is usually enough for the vast majority of spambots to give up. Also, if the client tries to send something before receiving the OK, the connection is dropped immediately.
That feature is in stock sendmail. It's called the greet_pause ruleset.
FEATURE(`greet_pause', `5000') dnl 5 seconds
causes the MTA to wait 5 seconds before greeting. You could also use 30000 to make it be 30 seconds, though usually 5 is plenty.
Check http://www.sendmail.org/documentation/configurationReadme for a further description of how to implement it.
> I think there should be ways to do it outside of kernel, in userland, in a nice and efficient way. But I never had the time to dig any deeper :) The biggest challenge is to keep thousands of open TCP connections in memory and still have enough CPU power to process SMTP and deliver the mail.
It's not that many thousands of connections. 30 seconds is pretty long; less usually works. The feature set basically loads the box with X extra seconds' worth of connections, usually not actually thousands.
Chris
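The greet-pause behaviour Chris describes (withhold the 220 banner for a while, reject any client that talks before it arrives), as an added example that is not part of this thread and not sendmail's code: a minimal asyncio listener plus a loopback probe that plays a patient MTA and an impatient bot. The hostname, the reply texts and the probe client's EHLO string are constructed for the example.

```python
import asyncio

# Constructed banner/hostname, not taken from the thread.
BANNER = b"220 mx.example.test ESMTP ready\r\n"
REJECT = b"554 mx.example.test: pre-greeting traffic, connection dropped\r\n"

async def greet_pause_handler(reader, writer, pause_seconds):
    """Serve one SMTP connection with a greet-pause, like sendmail's greet_pause:
    the 220 banner is withheld for pause_seconds.  A well-behaved MTA waits
    silently; a bot that sends HELO/EHLO before the banner is rejected."""
    try:
        early = await asyncio.wait_for(reader.read(1024), timeout=pause_seconds)
    except asyncio.TimeoutError:
        early = b""                      # nobody spoke: the client behaved
    writer.write(REJECT if early else BANNER)
    await writer.drain()
    writer.close()                       # a real MTA would continue the session
    await writer.wait_closed()

async def probe(client_talks_early, pause_seconds):
    """Start a greet-pause listener on loopback, connect a simulated client,
    and return the SMTP reply code of the first line the server sent."""
    async def on_connect(reader, writer):
        await greet_pause_handler(reader, writer, pause_seconds)
    server = await asyncio.start_server(on_connect, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    try:
        reader, writer = await asyncio.open_connection("127.0.0.1", port)
        if client_talks_early:           # spambot behaviour: speak before the banner
            writer.write(b"EHLO spambot.invalid\r\n")
            await writer.drain()
        line = await reader.readline()
        writer.close()
        await writer.wait_closed()
    finally:
        server.close()
        await server.wait_closed()
    return line.decode().split()[0]

def reply_code_for(client_talks_early, pause_seconds=0.5):
    """Synchronous wrapper: '220' for a patient client, '554' for an early talker."""
    return asyncio.run(probe(client_talks_early, pause_seconds))

if __name__ == "__main__":
    print("patient client ->", reply_code_for(False))
    print("early talker   ->", reply_code_for(True))
```

The pause is 0.5 s here so the probe finishes quickly; the 5000 ms from the FEATURE line above would simply be pause_seconds=5.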