Update of /cvsroot/mailman/mailman
In directory usw-pr-cvs1:/tmp/cvs-serv30561
Modified Files:
README.SENDMAIL
Log Message:
Add a security note, and a performance note.
Index: README.SENDMAIL
===================================================================
RCS file: /cvsroot/mailman/mailman/README.SENDMAIL,v
retrieving revision 2.3
retrieving revision 2.4
diff -C2 -d -r2.3 -r2.4
*** README.SENDMAIL 16 Mar 2002 06:04:35 -0000 2.3
--- README.SENDMAIL 16 Mar 2002 06:15:53 -0000 2.4
***************
*** 3,6 ****
--- 3,19 ----
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ SECURITY NOTE
+
+ You may be tempted to set the DELIVERY_MODULE configuration
+ variable in mm_cfg.py to `Sendmail' when using the Sendmail MTA.
+ Don't. The Sendmail.py module is misnamed -- it's really a
+ command line based message handoff scheme as opposed to the SMTP
+ scheme used in SMTPDirect (the default). Sendmail.py has known
+ security holes and is provided as a proof-of-concept only. If you
+ are having problems using SMTPDirect.py please fix those instead
+ of using Sendmail.py, or you may open your system up to security
+ exploits.
+
+
SENDMAIL `smrsh' COMPATIBILITY
***************
*** 41,44 ****
--- 54,68 ----
mailman.mc - a toy configuration file sample
virtusertable - a sample for RFC 2142 address exceptions
+
+
+ PERFORMANCE NOTES
+
+ One of the surest performance killers for Sendmail users is when
+ Sendmail is configured to synchronously verify the recipient's
+ host via DNS. If it does this for messages posted to it from
+ Mailman, you will get horrible performance. Since Mailman usually
+ connects via localhost (i.e. 127.0.0.1) to the SMTP port of
+ Sendmail, you should be sure to configure Sendmail /not/ to do DNS
+ verification synchronously for localhost connections.
_______________________________________________
Mailman-checkins mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-checkins
