At 06:55 PM 3/20/97 -0800, you wrote:
>David Mandala <davidm@them.com> writes:
>>
>>Greg, I hear your feelings, but I strongly disagree with your points. James
>>Smallacombe I think is on the right track when he said "How "rock solid" is
>>an email server that stops serving all together because /var or /usr is
>>filled due to a mailbomb?" I share his feelings. Given that a serious mail
>>bombing can fill up a mail system in minutes and I have many people relying
>>on recieving mail via our server.
>>
>
>Yes, you're right, we disagree.
>
>We're both balancing the effects of a server outage (affecting all
>users) with the effects of bouncing over-quota users' mail (affecting
>a few users).
>
>The factor that makes me disagree with you is when you take time
>periods and severity into account.
>
>A server-wide outage is a short affair if you're reasonably on top
>of things. Two or three hours at the most to block the mailbomb
>and resume service. Everyone is affected, but the penalty is light.
>Mail is only deferred rather than rejected, and just for a short
>period of time.
>
>On the other hand, bouncing mail as you and James describe affects
>only a few users, but the penalty they feel is harsh. Their mail
>is bounced back to the sender rather then delayed. The general level
>of user alertness is far below that of ISP admins, so their mail
>will be bounced for far longer than a server would be down.
>
>
>Yes, a problem that affects all users is worse than one that affects
>only a few. But the severity of the penalty, and the length of time
>they suffer it, should also be factored in. At my site, those things
>tilt the balance in favor of deferring the mail instead of bouncing it.
>
>Please don't misunderstand. I'm not trying to make you change your mind
>about how to run your site. I want to explain the reasoning that led me
>to a different decision about mine.
>
I appreciate your point of view, thats why I think that a configurable
option is the best. In my case I am seriously understaffed (and will be for
the foreseeable furture) so it is quite impotant that the systems are able
to run for longer periods of time without major interuption.
It is better (for us) to have a single user with a problem then the entire
system. When I can get the funding to support a 24x7 technical staff then
the scale might change more toward your point of view. For now "The needs
of the many outweigh the needs of the few".
Davidm
>David Mandala <davidm@them.com> writes:
>>
>>Greg, I hear your feelings, but I strongly disagree with your points. James
>>Smallacombe I think is on the right track when he said "How "rock solid" is
>>an email server that stops serving all together because /var or /usr is
>>filled due to a mailbomb?" I share his feelings. Given that a serious mail
>>bombing can fill up a mail system in minutes and I have many people relying
>>on recieving mail via our server.
>>
>
>Yes, you're right, we disagree.
>
>We're both balancing the effects of a server outage (affecting all
>users) with the effects of bouncing over-quota users' mail (affecting
>a few users).
>
>The factor that makes me disagree with you is when you take time
>periods and severity into account.
>
>A server-wide outage is a short affair if you're reasonably on top
>of things. Two or three hours at the most to block the mailbomb
>and resume service. Everyone is affected, but the penalty is light.
>Mail is only deferred rather than rejected, and just for a short
>period of time.
>
>On the other hand, bouncing mail as you and James describe affects
>only a few users, but the penalty they feel is harsh. Their mail
>is bounced back to the sender rather then delayed. The general level
>of user alertness is far below that of ISP admins, so their mail
>will be bounced for far longer than a server would be down.
>
>
>Yes, a problem that affects all users is worse than one that affects
>only a few. But the severity of the penalty, and the length of time
>they suffer it, should also be factored in. At my site, those things
>tilt the balance in favor of deferring the mail instead of bouncing it.
>
>Please don't misunderstand. I'm not trying to make you change your mind
>about how to run your site. I want to explain the reasoning that led me
>to a different decision about mine.
>
I appreciate your point of view, thats why I think that a configurable
option is the best. In my case I am seriously understaffed (and will be for
the foreseeable furture) so it is quite impotant that the systems are able
to run for longer periods of time without major interuption.
It is better (for us) to have a single user with a problem then the entire
system. When I can get the funding to support a 24x7 technical staff then
the scale might change more toward your point of view. For now "The needs
of the many outweigh the needs of the few".
Davidm