> On 15 Jul 2021, at 10:41 am, post...@ptld.com wrote:
>
> "The time limit for sending a Postfix SMTP server response and for receiving
> a remote SMTP client request."
The amount of time that smtpd(8) is willing to wait for a network write
to write some data when writing a command-response, or for a network read
to return some data when reading an SMTP command.
As elaborated under:
http://www.postfix.org/postconf.5.html#smtpd_per_record_deadline
Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
time limits, from a time limit per read or write system call,
to a time limit to send or receive a complete record (an SMTP
command line, SMTP response line, SMTP message content line,
or TLS protocol message). This limits the impact from hostile
peers that trickle data one byte at a time.
Thus the default timeout is per read or write, rather than the complete
requested operation. With the deadline timer the timeout applies to
the entire I/O operation, possibly spanning multi reads or writes.
However, even then it is never the transmission of an entire message
body, rather it would be a logical data fragment, an SMTP command or
response, a body content line, a TLS protocol record, ... which
partly mitigates "Slowloris" attacks,
https://en.wikipedia.org/wiki/Slowloris_(computer_security)
meaningful progress must be made within the deadline timer, just
sending a few characters per 300s is not enough.
--
Viktor.
