[Tutor] ethics in programming

dman dsh8290@rit.edu
Sat, 12 Jan 2002 15:33:35 -0500


On Fri, Jan 11, 2002 at 11:29:59AM -0500, kirk Bailey wrote:
| Working on TinyList, I realized that for security reasons I am using
| TL's ability to talk to the smtp engine to send out the email, one
| envelope per recipient.

I think it is better to pipe the message to the mail system (eg exim,
postfix, or sendmail).  Are you prepared to properly handle all error
responses from the SMTP server and retry delivery or return a bounce
message as appropriate?  SMTP seems trivial, but there are many things
to get right for a robust system.  Piping _is_ quite trivial and it
gets the message off of your hands quickly.

| Good, avoids security issues with many recipients per envelope. But
| this does slow down transmission a little, maybe more than a little
| when we are talking LARGE lists.

Right -- you need to send the DATA section once for each recipient.
If you pipe it to exim I believe you will be able to specify all
recipients at once and let exim deal with delivering it to the
destination.  I do know for a fact that if I put 2 addresses in To: or
Cc: headers (using my mua) then exim makes two separate passes over
the "routers" and delivers the message separately for each
destination.

| A way used in majordomo to send lists is to feed ONE copy of the
| letter to a special alias and take advantage of the :include: command
| to invoke the subscriber file. such a list alias looks like:
| 
| listname-outgoing::include:/path/subscriberfilename # no spaces in the
| definition PLEASE!
| 
| And the Mail Transmission Agent (hereafter MTA, usually sendmail) reads
| that file and sends a copy of the letter to each person on it. THERE
| IS NO OTHER SERVICE. *ANY* letter landing on that email alias goes
| out. Very spam friendly alas. And this is a Very Bad Thing. 
| 
| Of course, the idea is the name of alias is a secret,

Security through obscurity doesn't work.  Look at what happens with MS
systems as opposed to Linux or *BSD systems.  One is obscure (no
source available) the other isn't.

| and is fed by a
| program, in this case majordomo. The manual uses listname-outgoing as
| an example, but you are supposed to pick some random name so as to
| safeguard the list. THAT alias may be made public, as it feeds into
| some kind of security program.

I haven't read the mailing list part of the exim manual yet, and I
haven't read any manuals on MailMan.  However I do know a bit about
receiving mail (with exim as the MTA) and how it can be run through
several different layers and forms of spam detection and rejection.

When someone posts a message to the list address you will (should) run
it through some checks (I've heard good things about "spamassassin"
and "vipul's razor") to determine whether or not to accept or reject
it.  If it is accepted as not being spam you will then rewrite the
envelope recipient to be all the list members and continue processing
(send it to the new recipients).  The list->subscribers expansion can
be done by exim itself (without creating new, unchecked, aliases as it
sounds like majordomo wants) or by an external program (such as
MailMan) and the recipients list specified as the message is handed
back to the MTA (this still works without a new alias).

HTH,
-D

-- 

I can do all things through Christ who strengthens me.
        Philippians 4:13
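
The hand-off suggested in the message above (pipe one copy to the MTA and name every subscriber as an envelope recipient), as an added example that is not part of the original post or of TinyList. The function names, the sendmail path and the one-address-per-line subscriber format are assumptions; `-i`, `-f` and `--` are the standard sendmail-compatible options that exim and postfix also accept.

```python
import subprocess

SENDMAIL = "/usr/sbin/sendmail"  # assumed path to the sendmail-compatible binary


def load_subscribers(lines):
    """Return addresses from subscriber-file lines (assumed: one per line, '#' comments)."""
    addrs = []
    for line in lines:
        addr = line.split("#", 1)[0].strip()
        if not addr:
            continue
        # An entry starting with '-' could be read by the MTA as an option;
        # whitespace or control characters could smuggle in extra arguments.
        if (addr.startswith("-") or addr.count("@") != 1
                or any(c.isspace() or ord(c) < 32 for c in addr)):
            raise ValueError("bad subscriber entry: %r" % addr)
        addrs.append(addr)
    return addrs


def build_argv(bounce_addr, recipients, sendmail=SENDMAIL):
    """Build one MTA invocation that names every recipient on the envelope."""
    if not recipients:
        raise ValueError("no recipients")
    # -i : a line holding only "." does not end the message
    # -f : envelope sender, so bounces go to the list owner, not the poster
    # -- : everything after it is a recipient, never an option
    return [sendmail, "-i", "-f", bounce_addr, "--"] + list(recipients)


def hand_off(message, argv):
    """Pipe the message (bytes) to the MTA once. No shell is involved, so
    addresses are passed as separate arguments and never parsed as shell text."""
    proc = subprocess.run(argv, input=message,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # 0 means the MTA accepted the message; queueing, retries and bounces
    # are its job from here on.
    return proc.returncode
```

Call `hand_off` only after the posting has passed whatever sender and spam checks the list applies, so no unchecked address ever expands to the subscriber file.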