cgi security

Barry A. Warsaw barry at digicool.com
Wed Apr 4 11:44:02 EDT 2001


>>>>> "SK" == Sheila King <sheila at spamcop.net> writes:

    SK> More secure, I can believe. Less system overhead? That is
    SK> exactly the opposite information from what I got, when I asked
    SK> a question here a few weeks back about "efficiency in sending
    SK> email". I specifically asked in that thread, why someone else
    SK> had posted back in Feb. that using sendmail was the
    SK> "preferred" way of sending mail, rather than using the smtp
    SK> module.

By default in Mailman, we use smtplib to connect to a local MTA and
optimize that hand-off, but let the MTA manage delivery as best it
can.  This is by far the most efficient way to do it, and I believe
most secure, but it does require you to fine-tune your MTA system.

The rationale goes as follows: MTAs such as sendmail, qmail, Postfix,
Exim, etc. are far better at managing their delivery queues, resends,
system resources, etc. than anything we'd be able to do in Python.  So
we use Python for what it's good at, and let the MTAs do what they're
good at.  Some MTAs are more equal than others though.  I think the
Mailman users community would say that qmail, Postfix, or Exim are
generally better performers than sendmail, and among the former three,
the preference comes down to other issues such as ease of
configurability, "automatic" handling of mailing lists, etc.

If you're really concerned with blasting tons of email through your
system, there's lots you can do on the MTA, server, disk throughput
side that will have a great impact on performance.  For example, if you're
using smtplib to hand-off messages to a local MTA for final delivery,
you want to be sure that the MTA does not try to do DNS resolution of
recipient domain names when accepting messages from localhost.

    SK> And I'd have to say that my experimenting confirms this. It is
    SK> MUCH faster to connect to sendmail/qmail/whatever MTA, than to
    SK> wait for the smtpmodule to open a connection.

I'd absolutely agree, in general, and with some of the caveats above.

    SK> And, in the case that someone uses the smtplib option in my
    SK> script, rather than the sendmail option, my script has to go
    SK> to a lot more trouble to set the envelope sender and
    SK> recipient, the date field, the message-ID and so forth
    SK> myself. There is a definite impact on the script performance.

Yep.

-Barry
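
Added example, not part of the original post and not Mailman's code: a sketch of the smtplib hand-off to a local MTA discussed above, with the script setting the envelope sender, envelope recipients, Date and Message-ID itself. The function names, addresses and the localhost:25 listener are assumptions made for illustration.

```python
import smtplib
from email.message import EmailMessage
from email.utils import formatdate, getaddresses, make_msgid


def build_handoff(envelope_from, from_hdr, to_hdrs, subject, body,
                  cc_hdrs=(), bcc=()):
    """Return (envelope_from, envelope_rcpts, msg) ready for SMTP hand-off."""
    msg = EmailMessage()
    msg["From"] = from_hdr
    msg["To"] = ", ".join(to_hdrs)
    if cc_hdrs:
        msg["Cc"] = ", ".join(cc_hdrs)
    msg["Subject"] = subject
    # With smtplib the script supplies Date and Message-ID itself
    # (the extra work mentioned in the quoted text).
    msg["Date"] = formatdate(localtime=True)
    msg["Message-ID"] = make_msgid(domain=envelope_from.rpartition("@")[2])
    msg.set_content(body)
    # The envelope carries bare addresses only. Bcc recipients go in the
    # envelope and never in a header, so other recipients cannot see them.
    pairs = getaddresses(list(to_hdrs) + list(cc_hdrs) + list(bcc))
    rcpts = sorted({addr for _name, addr in pairs if addr})
    return envelope_from, rcpts, msg


def hand_off(envelope_from, rcpts, msg, host="localhost", port=25):
    """One SMTP transaction to the local MTA, which then queues and retries."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        # Returns a dict of recipients the MTA refused (empty if all accepted).
        return smtp.send_message(msg, from_addr=envelope_from, to_addrs=rcpts)


if __name__ == "__main__":
    # Constructed sample values; nothing is sent in this demo.
    sender, rcpts, msg = build_handoff(
        "list-bounces@example.org",
        "Example List <list@example.org>",
        ["Alice <alice@example.com>"],
        "Test posting",
        "Hello from the list.\n",
        bcc=["bob@example.net"],
    )
    print("MAIL FROM:", sender)
    print("RCPT TO:  ", rcpts)
    print(msg.as_string())
```

The envelope sender is kept separate from the From header so that bounces return to the bounce address rather than to the header author.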



