Re: *.com and *.net? Yay Postfix!
From: Michael Tokarev (mjt tls.msk.ru)
Date: Tue Sep 16 2003 - 06:37:37 CDT
Victor Duchovni wrote:
> On Tue, 16 Sep 2003, Michael Tokarev wrote:
>
>
>>and is an easy target for DoS attacks). Instead, check_sender_access
>>tcp:localhost:port may be used in place of reject_unknown_sender_domain,
>>where localhost:port is being listened on by a small C program with
>>"select-loop" that does equivalent of current reject_unknown_sender_domain
>>PLUS checks for the bogus A records. Currently I'm working on such a
>>program here (because patching BIND to filter such records "properly"
>>isn't an easy task), and I will post results here when it is ready.
>
> Suggestion. Make the small C program a Postfix multi-server (like
> trivial-rewrite). Then the program can run a few pre-forked copies under
> high load, without running one copy per process. Making the program run
> from master.cf will be a big win.
>
> The multi-server framework already has the required select loop, so your
> code only needs to implement the per-request callback (foo_service
> routine). Also as a Postfix daemon it can use Postfix configuration
> parameters, ...
I want to perform async DNS queries too, so the existing framework can't
be used. A select loop watching for new connections AND for replies
from the DNS server. Ugh. (Doing it right now).
/mjt
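
The per-request logic of the lookup service discussed in this thread, as an added example (not code from the post or from Postfix): it answers one `check_sender_access tcp:localhost:port` query in the Postfix tcp_table(5) request/reply format and covers only the bogus A record check, not the select loop or the unknown-domain check. DNS sits behind a hypothetical `resolve_fn` hook; `handle_request`, `demo_resolve`, the `.example` domains and the wildcard address are constructed for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Constructed placeholder for a wildcard A record (documentation range, not from the post). */
static const char *BOGUS_A[] = { "192.0.2.1" };
/* Hypothetical resolver hook: fills addrs with A records, returns count or -1 on DNS failure. */
typedef int (*resolve_fn)(const char *domain, const char *addrs[], int max);

/* Constructed offline resolver so the example runs without DNS. */
static int demo_resolve(const char *d, const char *a[], int max)
{
    if (max < 1 || strcmp(d, "tempfail.example") == 0) return -1;
    a[0] = strcmp(d, "good.example") == 0 ? "198.51.100.7" : "192.0.2.1";
    return 1;
}

/* Decode tcp_table %XX escapes in place; -1 on malformed or NUL-producing input. */
static int pct_decode(char *s)
{
    char *o = s;
    for (; *s; s++, o++) {
        if (*s != '%') { *o = *s; continue; }
        if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2])) return -1;
        char hex[3] = { s[1], s[2], 0 };
        if ((*o = (char)strtol(hex, NULL, 16)) == 0) return -1;
        s += 2;
    }
    *o = 0;
    return 0;
}

/* Answer one "get <key>" line: 200 = access action, 400 = temporary error, 500 = no entry. */
const char *handle_request(const char *line, resolve_fn resolve)
{
    char key[256] = { 0 };
    const char *addrs[8], *at;
    size_t n = strcspn(line, "\r\n");
    if (strncmp(line, "get ", 4) != 0 || n - 4 >= sizeof key) return "400 bad%20request\n";
    memcpy(key, line + 4, n - 4);
    if (pct_decode(key) != 0) return "400 bad%20encoding\n";
    /* Assumption: only full user@domain keys are checked; other key forms get "no entry". */
    if ((at = strrchr(key, '@')) == NULL || at[1] == 0) return "500 not%20checked\n";
    int cnt = resolve(at + 1, addrs, 8);
    if (cnt < 0) return "400 DNS%20lookup%20failed\n";
    for (int i = 0; i < cnt; i++)
        for (size_t j = 0; j < sizeof BOGUS_A / sizeof *BOGUS_A; j++)
            if (strcmp(addrs[i], BOGUS_A[j]) == 0) return "200 REJECT%20wildcard%20A%20record\n";
    return "500 no%20objection\n";
}
```

A DNS failure maps to a 400 reply, which Postfix treats as a temporary lookup error, so a resolver outage defers mail instead of silently accepting or rejecting it.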