On Sat, May 23, 2009 at 07:12:12AM +0100, Steve wrote:
> > This is really lame rate control mechanism. It fails catastrophically
> > when a legitimate site has a spike of email in your direction. Consider
> > generous connection concurrency limits, and avoid rate limits unless
> > they are very generous, and would NEVER be hit by a legitimate sender.
>
> It may be 'lame' but it is tried, tested and works extremely well on the
> particular appliance concerned. Trusted IP's that are likely to exceed
> the rate control settings are exempted so spikes are a bit of a non
> issue.
There is a big difference between infrastructure that "works in practice"
and infrastructure that is robust in the face of non-typical behaviour.
I prefer to avoid designs with serious warts, however well they seem
to work in practice.
Robustness is a valuable property even when you typically don't rely on
it day to day. Non-resilient systems fail catastrophically, after working
well for an indefinite period of time, and everyone getting comfortable
with ignoring the risk.
If we construct large scale systems out of fragile parts, we get what
we deserve.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
