Timeouts
Connection Life (already implemented) concerns itself with the overall lifespan of client connections. Meaning "you can talk for 5 minutes and no more, no matter what is happening". Connection Timeout concerns itself with the latent time between the last byte sent from the server and the next byte sent from the client.
The purpose of implementing timeout is to limit the effect of a denial of service attack (distributed or otherwise). Meaning, if I know that a server has 50 connections available and a connection life of 5 minutes, I can connect to the the server 50 times for 5 minutes each and shut down all other clients from connecting for 5 minutes.
Timeout should prevent you from holding on to the connection for the whole life of the connection. While timeout is not in iteself enough to thwart denial of service attacks, in conjuntion with ConnectionLife, HostileBlocking, and FuzzProtection make it much more difficult without sufficient number of distributed nodes.
Example
S: 220 set.superlinksoftware.com SMTP Server (JBMAIL SMTP Server version 0.1) ready July 6, 2004 3:39:44 PM EDT C: HELO me S: 250-set.superlinksoftware.com Hello me (123.123.123.123 (123.123.123.123)) 250 AUTH LOGIN PLAIN ...wait for n seconds (timeout period)... 221 set.superlinksoftware.com closing connection
to defeat this the client should send an \r every few seconds. However with FuzzProtection we should be able to twart that.
Comments