Re: Abort data transfer?

John R Levine writes:
> > > > This doesn't deal with the case where the data never stops.
> > > In all the years I've been running mail servers, I don't ever recall 
> > > seeing a sender that never stopped. How often have you seen one?
> > Once. A windows box in the UAE, if I remember correctly. It 
> > connected, sent MAIL FROM and RCP TO, got a 50x, disconnected, and 
> > tried again five minutes later. When I noticed it, it had been doing 
> > so for as long as I had logs, probably 99 weeks.
> No, I meant where the data in a single DATA connection never stops, 
> since that is the alleged problem that this argument is about.
Oh, sorry. I think of all these attack variations as interchangeable 
since the attacker can change the attack so easily.
> If, as I suspect, it has never happened in the entire history of the 
> Internet, why in the world is anyone wasting time worrying about it?
It has been discussed several times, I even remember a flamewar. The 
outcomes, AFAICR, always tended towards "if resource (ram/disk/cpu) 
usage is the problem, resource usage is the thing to watch" or "use 
setrlimit". That is, who cares whether the problem is long RCPT lines, 
many of them, long BODY, many concurrent connections tying up resources 
just below your administrative limit, or some x*y*z combination: just 
watch for unacceptable resource usage.
>  The scenario you describe is rare enough and has little enough impact 
> that you could deal with it by hand.
Yes. I wish I had more problems that go harmlessly unnoticed for a year 
or more.
Arnt