ietf-mta-filters
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: question regarding portability

1998-02-10 16:17:27
from [Tim Showalter] [Permanent Link] 
From: Lyndon Nerenberg <lyndon(_at_)esys(_dot_)ca>
On 10 Feb 1998 17:26:14 -0500 Tim Showalter 
<tjs+(_at_)andrew(_dot_)cmu(_dot_)edu> 
wrote:

This can still be checked before running the script; just compile a
list of things that have to be true (mailbox is under quota, all
mentioned mailboxes still exist); if it's not true, don't filter the
message and leave it in the queue.


This has the potential for becoming an expensive operation on large or 
complex scripts. I'm not sure that I want to incur the overhead of a 
full parse on every delivery if only 5% of the code path is executed 
95% of the time.


You don't need to do a full parse.  You need to keep a list of preconditions
that have to be true before you can run the script.

In the case of mailbox lookups, this could be a comparatively expensive
operation, but the mail store should be relatively intelligent about such
things.


You also open a system DOS attack. Someone could 
subscribe to many high-volume mailing lists, then remove the folder 
from a working script. This would start backlogging the system mail 
queue, potentially delaying mail to other users.


Any mailbomb would have basically the same effect.  Ironically, if you did
the same mass-subscribe and don't delete the mailbox, it's worse -- you
still have to ensure the same validation steps, but you have to write all
the messages out, consuming even more I/O bandwidth.

Even if you just file into INBOX if a given mailbox can't be found, you
still lose.


If the target missing mailbox is shared with another user, and that 
other  user deletes the mailbox, should this cause mail to the first 
user to be stalled? It would happen in this scenario, and that seems a 
bit drastic to me.


Even if the number of messages being cross-filed in this way is very large?
It's beneficial to back up in this case.

What happens if we just temporarily fail messages that get filed into a
nonexistant mailbox?


As long as I can mail the user telling them their script is bogus, I 
guess I don't care. 


Presumably the user won't see that message, since you're queueing all 
his incoming mail due to the missing mailbox error. 


Delivery failure messages should be special, and probably shouldn't go back
out to the SMTP server.

I'm not strongly opposed to filing into INBOX on error, but there are cases
to be made either way.

-- 
                                          Tim Showalter 
tjs+(_at_)andrew(_dot_)cmu(_dot_)edu
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: question regarding portability, Lyndon Nerenberg
Next by Date:  Re[2]: question regarding portability, Chris Bartram
Previous by Thread:  Re: question regarding portability, Lyndon Nerenberg
Next by Thread:  How to handle script errors, Lyndon Nerenberg
Indexes:  [Date] [Thread] [Top] [All Lists]