On Mon, 18 Mar 2002, Kirk Friggstad wrote: > Henrik - I believe this is a "known issue" in XMail - at least, I reported > it to Davide and the list back on October 25 last year. Here is Davide's > response from then: > > [start quote] > The problem arises coz no SMTP gateways are involved inside the loop, it > happens all inside XMail. Mail looping between MTAs is handled by XMail. > By adding internal loop cheking would mean add extra headers that would > lead to rewrite the message file every time. > This will impact the overall XMail performance and i'm not willing in > doing this kind of fix. > But this could be a valid entry for the troubles section of the > documentation project : > > Q: My server is eating all my machine's CPU cycles. Why ? > A: Check your internal redirect :) > [end quote] > > Personally, I wasn't particularly happy with that response, but at least it > was informative and polite, which is more than you appeared to get from > Davide this time...
Actually, it was fun ... and nobody asking for new features ended up by making the FAQ document. > ....and Davide, I still think it's a legitimate issue. With the proliferation > of web-based interfaces that allow direct user editing of their account > variables, including their mailproc.tab, it creates a situation where > end-users can cause what amounts to a denial-of-service attack on an XMail > server, either through simple carelessness or outright malicious intent. The > only solution to this situation is as follows: > - don't allow users to edit their mailproc.tab files > - live with the risk that your users can bring your server to it's knees > Neither one of these options is acceptable, as far as I'm concerned. But I > don't want to beat a dead horse too much more... :-) So you're planning in leaving the mailproc.tab free to edit to your users. Did you actually think about that, talking about DoS attacks ? - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
