[Mimedefang] stream_by_recipient and Postfix
Rolf E. Sonneveld
R.E.Sonneveld at sonnection.nl
Tue Nov 22 10:23:16 EST 2011
On 11/22/11 3:12 PM, David F. Skoll wrote:
> On Tue, 22 Nov 2011 14:49:37 +0100
> "Rolf E. Sonneveld"<R.E.Sonneveld at sonnection.nl> wrote:
>> Is this sufficient 'evidence' that MD + stream_by_recipient()+
>> Postfix (non_smtpd_milters) provides a solution to the problem of
>> treating a multi-recipient message differently based upon different
>> 'per-user' preferences/settings? Any things I forgot? Any caveats?
> It looks like it's working. However, there's one caveat: With real Sendmail,
> MIMEDefang redelivers the streamed messages using deferred mode. That means
> they just get queued up. A short time later, the queue is run and the
> remailed messages appear.
I couldn't locate the exact call to sendmail in the source code. Can you
elaborate on how 'deferred mode' is accomplished? Is sendmail called
with DeliveryMode=b or DeliveryMode=q, or is sendmail called via a
completely different setup?
> This means that if a message has 100 recipients, they get queued up and
> then redelivered in a nicely serialized way with limited parallelism. If
> Postfix actually redelivers the messages immediately, an N-recipient message
> might try to tie up N scanning processes all at about the same time.
> I'm not sure if this will be a problem in practice, but it's something to
> watch for. You don't want to allow an attacker to DoS your machine by sending
> messages to large numbers of recipients and relying on amplification.
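The capacity concern raised in the quoted reply, modelled as an added example (not part of the original thread and not MIMEDefang or Postfix code): it compares the peak number of simultaneous scans when the per-recipient copies of one message are re-injected all at once against a queue run with limited parallelism. The recipient count, scan time, parallelism limit and scanner pool size are constructed values, and all function names are hypothetical.

```python
import heapq

def peak_scanners(starts, scan_time):
    """Peak number of scans in progress, given each scan's start time."""
    events = [(t, 1) for t in starts] + [(t + scan_time, -1) for t in starts]
    events.sort()  # at equal times a finishing scan (-1) sorts before a starting one (+1)
    busy = peak = 0
    for _, delta in events:
        busy += delta
        peak = max(peak, busy)
    return peak

def immediate_starts(n_recipients):
    """Immediate redelivery: every streamed copy reaches the filter at once."""
    return [0.0] * n_recipients

def queued_starts(n_recipients, parallelism, scan_time):
    """Deferred redelivery: a queue run hands over at most `parallelism` copies at a time."""
    slot_free_at = [0.0] * parallelism  # min-heap: when each delivery slot frees up
    starts = []
    for _ in range(n_recipients):
        t = heapq.heappop(slot_free_at)
        starts.append(t)
        heapq.heappush(slot_free_at, t + scan_time)
    return starts

def compare(n_recipients, parallelism, scan_time, scanner_pool):
    """Summarise both modes for one message split into n_recipients copies."""
    imm = peak_scanners(immediate_starts(n_recipients), scan_time)
    q_starts = queued_starts(n_recipients, parallelism, scan_time)
    que = peak_scanners(q_starts, scan_time)
    return {
        "immediate_peak": imm,
        "immediate_exceeds_pool": imm > scanner_pool,
        "queued_peak": que,
        "queued_exceeds_pool": que > scanner_pool,
        "queued_drain_seconds": max(q_starts) + scan_time,
    }

if __name__ == "__main__":
    # Constructed numbers: 100 recipients, 4 parallel deliveries, 2 s per scan, 10 scanners.
    print(compare(n_recipients=100, parallelism=4, scan_time=2.0, scanner_pool=10))
```

With these numbers the queued mode trades a longer drain time for a peak that stays inside the scanner pool, which is the figure to compare against the filter's configured process limit.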