Mailing List Archive

Re: [Dbmail] dos attack
You're right.

Dbmail simply spawns NCHILDREN, accepts MAXCONNECTS subsequent connects
per child, and then exits and respawns that child.

Afaik MAXCHILDREN is not used at all.

So if you're looking for intelligent pre-forking of children, or even
simply linear scaling of children to accept incoming connects, look no
further; it's not there.

We do indeed need a smart setup which will allow deployment of dbmail in
hostile environments.


Eric Estabrooks wrote:
> I started playing with the 1.2 software and it seems to have gotten rid
> of the problems I was having with 1.1 however I did notice it's really
> easy to do a dos against it. Basically all I had to do was open
> nchildren connections to it and everyone else after connected and hung
> or got dropped (once it was larger than the tcp/ip queue). Same with the
> pop server, for some weird reason it wouldn't start any new children it
> just stayed at nchildren never went to maxchildren. This then makes a
> dos until timeout is reached on the first connect which could be a long
> time.
>
> I guess I'm not sure what should be done different as just spawning more
> children could dos the box the other way. What about letting a child
> deal with more than one connection at a time (like setting up a select
> or poll containing all of the connections it has)
>
> Eric

--
________________________________________________________________
Paul Stevens mailto:paul@nfg.nl
NET FACILITIES GROUP PGP: finger paul@nfg.nl
The Netherlands________________________________http://www.nfg.nl
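
Eric's suggestion above, one child multiplexing several connections with poll(), as an added example (not DBMail code and not written by either poster). MAX_CONNS, the idle limit, the function names and the echo handler are assumptions made for illustration; the point is that a silent client is dropped after idle_secs instead of pinning a child until a long timeout.

```c
#include <poll.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#define MAX_CONNS 64 /* assumed per-child cap, not a dbmail setting */

struct child {
    struct pollfd fds[MAX_CONNS];
    time_t last_active[MAX_CONNS];
    int n;
};

/* Track a new client. Returns -1 when the child is full (caller closes fd). */
int child_add(struct child *c, int fd, time_t now) {
    if (c->n >= MAX_CONNS) return -1;
    c->fds[c->n] = (struct pollfd){ .fd = fd, .events = POLLIN };
    c->last_active[c->n++] = now;
    return 0;
}

/* Close slot i and move the last slot into its place. */
static void child_drop(struct child *c, int i) {
    close(c->fds[i].fd);
    c->n--;
    c->fds[i] = c->fds[c->n];
    c->last_active[i] = c->last_active[c->n];
}

/* One pass over all clients: serve the readable ones, drop closed or idle
 * ones. Returns the number dropped, or -1 if poll() fails. */
int child_poll_once(struct child *c, int timeout_ms, int idle_secs, time_t now) {
    char buf[512];
    int dropped = 0;
    if (poll(c->fds, (nfds_t)c->n, timeout_ms) < 0) return -1;
    for (int i = c->n - 1; i >= 0; i--) { /* backwards: swap-remove is safe */
        if (c->fds[i].revents & (POLLIN | POLLHUP | POLLERR)) {
            ssize_t r = recv(c->fds[i].fd, buf, sizeof buf, 0);
            /* Echo stands in for real POP3/IMAP command handling. */
            if (r <= 0 || send(c->fds[i].fd, buf, (size_t)r, MSG_NOSIGNAL) < 0) {
                child_drop(c, i); dropped++;
            } else c->last_active[i] = now;
        } else if (now - c->last_active[i] >= idle_secs) {
            child_drop(c, i); dropped++; /* silent client frees its slot */
        }
    }
    return dropped;
}
```

A real server would also set each socket non-blocking so that a client which stops reading cannot stall the child inside send().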