:
:It results sometimes in out of swap, too.
:
:> Inetd is rate-limited by default nowadays, so this really doesn't apply.
:
:It really does apply. Inetd limits incoming connections per minute, not per
:second. It is possible to use minute limit in a few seconds and cause a high
:load. Sendmail is worse than inetd; it cannot limit incoming rate on
:
:Netch

    You can specify a maximum fork limit for inetd on a per-service basis.

    You are a year or two too late on these things. A great many
    improvements have been made to programs like sendmail and inetd
    explicitly to deal with overload situations. Web servers too. These
    were fairly simple changes as well. For sendmail it was as simple as
    making MaxDaemonChildren apply to queue runs - I submitted that one to
    Eric Allman two years ago and it's been a part of sendmail since then.
    For inetd it is the -c, -C, and -R options (which can be specified on a
    per-service basis as well). Dima and I added the -R option back in
    1997 specifically to help with DOS attacks.

    Sendmail is not an issue when properly configured.

                                        -Matt
                                        Matthew Dillon
                                        <dil...@backplane.com>
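
Added example, not part of the original thread and not inetd's own code: a simplified Python model of the two kinds of limit discussed above, a per-minute invocation cap (in the style of -R) and a cap on simultaneously running children (in the style of -c). The burst pattern, the limit values and the child lifetime are constructed for illustration.

```python
# Simplified model of fork limiting in a super-server. Not inetd source code;
# all numbers below are constructed sample values.

def peak_children(arrivals, per_minute_limit=None, max_children=None, lifetime=30):
    """Return (peak concurrent children, total forks).

    arrivals[t]      -- connection attempts arriving in second t
    per_minute_limit -- at most this many forks per 60-second window (-R style)
    max_children     -- at most this many children alive at once (-c style)
    lifetime         -- seconds each forked child keeps running
    """
    expiries = []                      # exit time of every live child
    window_start, window_count = 0, 0
    peak = forks = 0
    for t, attempts in enumerate(arrivals):
        expiries = [e for e in expiries if e > t]    # reap finished children
        if t - window_start >= 60:                   # start a new minute window
            window_start, window_count = t, 0
        for _ in range(attempts):
            if per_minute_limit is not None and window_count >= per_minute_limit:
                break                  # minute budget used up, refuse the rest
            if max_children is not None and len(expiries) >= max_children:
                break                  # too many children alive, refuse the rest
            expiries.append(t + lifetime)
            window_count += 1
            forks += 1
        peak = max(peak, len(expiries))
    return peak, forks


# Constructed burst: 100 attempts per second for 5 seconds, then silence.
BURST = [100] * 5 + [0] * 115

if __name__ == "__main__":
    for label, kwargs in [
        ("no limits", {}),
        ("per-minute cap only", {"per_minute_limit": 256}),
        ("per-minute cap + child cap", {"per_minute_limit": 256, "max_children": 20}),
    ]:
        peak, forks = peak_children(BURST, **kwargs)
        print(f"{label:28s} peak children={peak:4d} forks={forks:4d}")
```

With only the per-minute cap, the whole minute's budget is spent within the first three seconds and all of those children run at once; adding the child cap bounds the simultaneous process count regardless of how fast the connections arrive.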