[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: sorbs blacklisting scam

On Sun, 2006-04-30 at 10:42, Juha-Matti Tapio wrote:
> I think this is the worst possible way to handle full mailboxes. I think
> that if the message is accepted for delivery to local mailbox, it is better
> to bite the bullet and just deliver it. If I send someone email, I would
> expect that if the servers are up and they accept the mail, it does not
> silently sleep in the queue for days. If there are warning bounces and a
> rejection bounce, the backscatter problem keeps on multiplying and if there
> are no warnings, the sender will falsely believe that the message has been
> delivered.

A quota which is not enforced is not a quota.  Without user
quotas you are susceptible to a single accidental or
deliberate DOS attack blocking email for all users instead of
a small number.

Example, based on incidents I have actually witnessed:

Clueless Relative emails an enormous attachment to Hapless
Recipient.  Because we minimize backscatter we check for
viruses during the SMTP transaction.  Clueless Relative's
ISP times out on the SMTP transaction after end of data
while the anti-virus is staggering through the enormous
attachment.  Clueless Relative's ISP sends the message
again a few minutes later.  And again.  And again.

With user quotas enforced only hapless recipient's mailbox
is full.

Without user quotas, your whole mail spool is full and
nobody can receive email.

--Mike Bird

Reply to: