Hi Scott, I'm quite pleased with the extra feature and in my past messages I forgot to mention that it's also possible we don't have access to the MTA's log because it is owned by someone else. If a problem arises we can now tell the MTA's owner it accepted the message and make it his problem. Before (well, we didn't implement it yet) we had to investigate even more and in the end it's always the client's MTA.
> I can see this only causing problems. The ASSP -> MTA (Internal -> Internal) has full rights to talk to each other, usually by white list of IP. Usually also on the same 100Mb or 1 Gb lan. A well crafted attack could use this to their advantage to find ASSP and qmail setups, or any number of similar cases, and generate massive repeated logging data from MTA back to ASSP, thereby overloading it. All data (the complete message) is going through ASSP already and you want to tell me 4 lines of logging instead of 3 is going to bring my ASSP down? Multiple ASSP's are running on several servers and they are listening to the backbone and are talking most of the time to much less equipped clients. IMHO if ASSP can be brought down by this at all it for sure doesn't make any difference if this extra piece of code was in it or not. JP ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
