Re: [exim-dev] RCPT TO verification

Page principale
Supprimer ce message
Répondre à ce message
Auteur: V. T. Mueller, Continum
Date:  
À: exim-dev
Sujet: Re: [exim-dev] RCPT TO verification
Hello,

Graeme Fowler wrote:
> However, arbitrary usage of sender callouts against all inbound mail is
> inadvisable as it is very easy to create a DoS condition against a
> remote site. The best example is as follows:

-snip-

That's why exim uses caching per default, which makes _DoS rather
impossible (vs. DDoS, which is still possible of course).

Anyway, given the varying lag in the planet-wide distribution of email,
it is rather unlikely that all callbacks come in within a sufficiently
small timeframe (in order to cause a DoS).

I don't particularly like or dislike callbacks, but I'm forced to make
use of them, and I'm happy with the way they're implemented in exim. In
fact, we've given end-users the means to disable them for their account
(only) - which shifts the legal implications from us to them.

Cheers,
vt

--
Volker T. Mueller
Continum AG
Bismarckallee 7d
79098 Freiburg i. Br.
Tel. +49 761 21711171
Fax. +49 761 21711198
http://www.continum.net

Sitz der Gesellschaft: Freiburg im Breisgau
Registergericht: Amtsgericht Freiburg, HRB 6866
Vorstand: Rolf Mathis, Volker T. Mueller
Vorsitzender d. Aufsichtsrats: Prof. Dr. Karl-F. Fischbach