* Wietse Venema <wie...@porcupine.org>: > Stefan Foerster: > > * Wietse Venema <wie...@porcupine.org>: > > > Tarpit delays by the hub will slow down the dictionary attack. > > > Is that a problem? > > > > It can delay legitimate mail with yet unverified recipients, but > > that's pretty much what one would suspect during a dictionary attack. > > No, it does not. The documentation recommends that address verify > lookup results are cached, so they are not delayed. Postfix will > refresh these cache entries well before they expire to avoid loss > of service when the back-end host is down or slow.
Yes it can: Note how I wrote "yet unverified", implicating that there is no cache entry for the given recipient yet. Granted, this is an unlikely situation which should never be a problem (and there are several ways to deal with the original, hypothetical scenario anyways). Stefan > This is really basic engineering. > > Wietse
