[Mailman-Developers] [Greg Stark <gsstark@mit.edu>] Re: Bounce removal parameters default values

Greg Stark gsstark at mit.edu
Thu Jun 17 17:28:37 EDT 2004 

Brad Knowles <brad.knowles at skynet.be> writes:

> At 2:36 PM -0400 2004-06-17, Greg Stark wrote:
> 
> >  Virus scans are only one type of bounce that could cause someone to be
> >  unsubscribed spuriously. For example, most mail servers have a maximum
> > message
> >  size for example. Consider the security implications: all I have to do to
> > mass
> >  unsubscribe many people--even everyone--on a list is send a message over 50k.
> >  Everyone using old versions of sendmail will be unsubscribed. A larger
> > message
> >  will unsubscribe anyone using most modern MTAs. Nor do the tests that require
> >  multiple bounces protect anything; I just have to send my attack a few times
> >  quickly.

That's one whacky line-wrap algorithm your MUA uses.

> 	50k?!?  Where are you getting this number?  Maximum message size on
> most MTAs is usually a default of something like 1-10MB, or even unlimited.  In
> more than ten years of specializing in running mail systems, I don't think I
> have *once* seen an MTA that was default configured to a maximum message size
> of just 50k.

Well I said what I meant, "old version of sendmail". 50k was indeed the
standard maximum size for sendmail installs prior to MIME attachments and
html-mail and all these new-fangled gadgets. 

I'm subscribed to plenty of mailing lists where attachments and html mail are
severely discouraged so even today it wouldn't be out of place to refuse mail
from these lists over 50k.

> 	This is basically what Mailman is now doing.  From the
> Mailman-2.1.5/NEWS file:
> 
>      - The bounce processor has been redesigned so that now when an address's
>        bounce score reaches the threshold, that address will be sent a probe
>        message.  Only if the probe bounces will the address be disabled.  The
>        score is reset to zero when the probe is sent.  Also, bounce events are
>        now kept in an event file instead of in memory.  This should help
>        contain the bloat of the BounceRunner.

Hum. Well, then, uh, great! :) Thanks.

Now I just have to figure out why I'm still being dropped. 
I guess some of these mailing lists are old versions of mailman.

This is version skew issue is going to be a big issue going forward. Users of
mailing lists and ultimately any network service are at the mercy of the
admins of every list they're on to upgrade.

-- 
greg

More information about the Mailman-Developers mailing list