Victor Duchovni wrote:
On Wed, Dec 01, 2010 at 11:43:30PM -0600, Stan Hoeppner wrote:
The lookup is always a cache miss. Then an SMTP probe is sent. Dictionary attacks always yield cache misses.
You are forgetting that dictionary attacks are almost exclusively queries for non-existent users. Think clearly, and think outside the box about worst-case behaviour.
Because I am not thinking about normal loads that don't matter. One needs to survive hostile loads.
Just to illustrate with numbers, what Viktor says, a daily activity on one of our servers (not a big one) : from all connections reaching a "RCPT To" step, 18313 are to real users and 76623 to non existing users. Well, this is a daily normal activity, not even a hostile load. Clearly, most checks are cache misses.
