October 23, 2020 6:00 PM, "Demi M. Obenour" <demioben...@gmail.com> wrote:

> How important is the caching of userinfo data in mda.c? For security
> reasons, I want userinfo lookups to happen in forkmda() in the child
> process.
> 

Fairly important, as if mda.c no longer does userinfo lookups, it becomes
possible to provoke a DoS by preventing deliveries from happening in a
relatively fair distribution, i.e. I could flood myself so that mda is
saturated with mail deliveries to gilles@ which will then cause parent
to call forkmda() exclusively for gilles@ and hit process limits which
will prevent other users from getting their mails.

Note that it's not so much a caching of userinfo, it's a session which
lives only as long as you're delivering for a specific user and that's
gone when no deliveries are pending.

What problem are you trying to solve?
