On 12/4/2017 3:35 PM, J Doe wrote:
> Hello,
>
> I currently have a server that is configured as a mail forwarding domain [1].
> Using example.com as an example:
>
> /etc/postfix/main.cf
> virtual_alias_domains = example.com
> virtual_alias_maps = hash:/etc/postfix/virtual
>
> /etc/postfix/virtual
> u...@example.com users-gmail-addr...@gmail.com
>
> As such, the SMTP client is used to forward the messages to each user’s
> existing Gmail addresses.
>
> I was reading more about the smtp client parameters and read about
> smtp_per_record_deadline. In postconf(5) it states that the time limits are
> changed and that this “...limits the impact from hostile peers that trickle
> data one byte at a time”
>
> Since my peer for the smtp client is always Gmail, this isn’t an issue for
> me, but I was wondering - why does this default to “no” ? I note the warning
> in postconf(5) that states for slow network connections this can cause
> problems with TLS, but I am assuming that this doesn’t apply to most
> configurations.
>
> Why wouldn’t I want this normally enabled ?
>
> Thanks,
>
> - J
>
> Sources
> [1] www.postfix.org/VIRTUAL_README.html
>

This messes with timeouts in a non-obvious manner, and can cause legit slow-but-working connections to fail, especially if they use TLS.

Don't enable this unless you are actively experiencing a slow-connection denial of service, which is pretty rare.

-- Noel Jones
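
The two timeout semantics discussed in this thread, shown side by side as an added example that is not part of either message and is not Postfix code: a simplified virtual-time model in Python of a limit applied per read versus a limit applied to a whole record. The function names, the 300-second limit and the arrival patterns are constructed for illustration.

```python
# Simplified model (not Postfix source) of the two timeout semantics that
# smtp_per_record_deadline switches between. Virtual time only, no network I/O.

LIMIT = 300  # seconds; constructed sample value, not read from any config


def receive_record(arrivals, limit, per_record_deadline):
    """Return (completed, seconds_elapsed) for one record.

    arrivals: list of (gap_seconds, nbytes) chunks that make up one record
              (an SMTP line or a TLS protocol message).
    per_record_deadline=False: limit applies to each read separately.
    per_record_deadline=True:  limit applies to the complete record.
    """
    elapsed = 0
    for gap, _nbytes in arrivals:
        if per_record_deadline:
            if gap > limit - elapsed:
                return False, limit            # deadline hit mid-record
        elif gap > limit:
            return False, elapsed + limit      # one read waited too long
        elapsed += gap
    return True, elapsed


# Constructed arrival patterns, each describing a single record.
SCENARIOS = {
    # Peer trickles a 40-byte reply line one byte every 10 s.
    "trickling peer": [(10, 1)] * 40,
    # Slow but working link: a large TLS message arrives in ten chunks, 40 s apart.
    "slow TLS link": [(40, 1600)] * 10,
    # Peer sends part of a line, then goes silent for longer than the limit.
    "stalled peer": [(5, 10), (301, 10)],
    # Normal peer: the whole line arrives in one read after 1 s.
    "healthy peer": [(1, 40)],
}


def compare(limit=LIMIT):
    """Map scenario name -> {"per_read": (ok, secs), "per_record": (ok, secs)}."""
    return {
        name: {
            "per_read": receive_record(arrivals, limit, False),
            "per_record": receive_record(arrivals, limit, True),
        }
        for name, arrivals in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:15} per_read={result['per_read']} per_record={result['per_record']}")
```

In this model the trickling peer and the slow TLS link get the same outcome under the per-record deadline: both are cut off at the limit, which is the trade-off the reply above warns about.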