Re: [Exim] Re: the Klez virus

Author: Tom Kistner
Date:  
To: exim-users
Subject: Re: [Exim] Re: the Klez virus
On Fri, May 10, 2002 at 12:16:03PM +0100, Matthew Byng-Maddick (exim@???) wrote:

> On Fri, May 10, 2002 at 12:48:12PM +0200, Tom Kistner wrote:
> > On Fri, May 10, 2002 at 11:36:45AM +0100, Matthew Byng-Maddick
> >     (exim@???) wrote:
> [>> Tom Kistner wrote:]
> > > Well, indeed. That wasn't the point. The point is that I can crash your
> > > mailserver with something like that.
> > Yes, maybe you can. I said I agree on that. You even quoted me:
> > > > I agree that there may be the possibility of DoS with such files, but that
> > > > will depend on the scanner used, not on exiscan. Most
> > > > scanners (like uvscan) have no problems with such ill-formatted files.
>
> Yes, and crashing your mailserver is a serious problem.


Yep. It would be. It never happened. Injury from a car accident would also
be a serious problem for me. Yet it never happened and I still take the
risk of driving 60 kilometers every day. I am willing to take risks
if I get some benefit in return. See what I mean ?

> > > It's not "ill-formatted". That's kind of the point. And anyway, you were
> > > kind of missing the entire point of my post.
> > Nope. I even said that I understand your point, however I
> > do not necessarily agree with your conclusion.
>
> Except that you are showing quite clearly that you're missing it by some
> fairly large distance.


Just how do I show that ?

> Since you haven't yet searched the archives for what I'm talking about,
> have a look at my discussion with Marc from VA software on his original
> SpamAssassin local_scan function. You may note the problem of duplicate
> mail, and the discussion on timeouts and not wasting time needlessly at
> that point.


I did read this topic. Yet I never had duplicate mails. It may be a problem on a
386 serving a 10Mbit link. Not on my mail server implementations though.

> > (b) and (c) are non-issues. Connection speed is not the problem. CPU and
> > I/O speed is, however.
>
> Since you seem NOT to understand the problem I'm discussing, I'd claim
> you haven't the first clue what you're talking about, and have missed
> my entire point.


You keep repeating yourself. "You are too dumb and I am right". Nice
argument.

> My point is *ABSOLUTELY* to do with the time it takes to deliver mail,
> nothing more, nothing less.


The line speed and/or saturation is irrelevant. You're missing my point by
some fairly large distance.


> > (a) is legit, but when I get load problems AND want to do AV scanning,
> > I just throw more hardware at it.
>
> Useful.


Yep. May solve the problem.

> I'm not convinced you do. "Why should I care?" is a very silly argument in
> the modern world? after all, "Why should I care that my mail server is
> relaying for anyone who asks it to?" "Why should I care that I've got
> addresses from people's webpages, and am using it to send my announcements
> to?" "Why should I care that my email server is dropping bounces, after all
> bounces are spam and no one reads them anyway?" "Why should I care that my
> server has an '_' in its HELO name, it works for me, you must be broken?"


I am willing to take a certain risk to achieve a certain goal. That's all.
If the risk is too high for you, don't use it. But please don't play the RFC
smartass. After all, I'm not advertising my small patch as a must-have.

> None of these arguments stand up at all, IMO, so "it works for me, there's
> a case where it breaks but just because I haven't seen it yet, I'm now
> convinced it can't happen" seems to me to be pretty foolish from anyone


Once again, I even admitted it can happen. Please don't misquote me to prove
yourself.

> who has even the remotest idea of what they're talking about. Since you
> claim to understand SMTP, you obviously understand about the points of the
> protocol where weirdnesses can happen, except that your emails have failed
> to make it clear that you have even the remotest knowledge of the problems
> to which I am referring.


"You are too dumb and I am right"

> > Just because someone has a syntactically correct, but completely useless ZIP
> > file ? Come on.
>
> *                                                                         *
> Point                                                           Tom Kistner


thx.

Okay, let's cut the crap. I admit (and did so from the start) that you are right
from the "RFC or death" point of view. But all your flaming about RFC-ignorant
dumbass mailing list members won't get you very far ... welcome to the real world.

/tom

--
Tom Kistner <tom@???>
ICQ 1501527 dcanthrax@efnet
http://duncanthrax.net