From: Lyndon Nerenberg <lyndon(_at_)esys(_dot_)ca>
On 10 Feb 1998 17:26:14 -0500 Tim Showalter
<tjs+(_at_)andrew(_dot_)cmu(_dot_)edu>
wrote:
This can still be checked before running the script; just compile a
list of things that have to be true (mailbox is under quota, all
mentioned mailboxes still exist); if it's not true, don't filter the
message and leave it in the queue.
This has the potential for becoming an expensive operation on large or
complex scripts. I'm not sure that I want to incur the overhead of a
full parse on every delivery if only 5% of the code path is executed
95% of the time.
You don't need to do a full parse. You need to keep a list of preconditions
that have to be true before you can run the script.
In the case of mailbox lookups, this could be a comparatively expensive
operation, but the mail store should be relatively intelligent about such
things.
You also open a system DOS attack. Someone could
subscribe to many high-volume mailing lists, then remove the folder
from a working script. This would start backlogging the system mail
queue, potentially delaying mail to other users.
Any mailbomb would have basically the same effect. Ironically, if you did
the same mass-subscribe and don't delete the mailbox, it's worse -- you
still have to ensure the same validation steps, but you have to write all
the messages out, consuming even more I/O bandwidth.
Even if you just file into INBOX if a given mailbox can't be found, you
still lose.
If the target missing mailbox is shared with another user, and that
other user deletes the mailbox, should this cause mail to the first
user to be stalled? It would happen in this scenario, and that seems a
bit drastic to me.
Even if the number of messages being cross-filed in this way is very large?
It's beneficial to back up in this case.
What happens if we just temporarily fail messages that get filed into a
nonexistant mailbox?
As long as I can mail the user telling them their script is bogus, I
guess I don't care.
Presumably the user won't see that message, since you're queueing all
his incoming mail due to the missing mailbox error.
Delivery failure messages should be special, and probably shouldn't go back
out to the SMTP server.
I'm not strongly opposed to filing into INBOX on error, but there are cases
to be made either way.
--
Tim Showalter
tjs+(_at_)andrew(_dot_)cmu(_dot_)edu