whitelist_to getting exploited

Glenn Steen glenn.steen at gmail.com
Sat Dec 30 12:38:30 CET 2006


Hi Trever,

Just a few odd comments below...

> > Of Ramprasad
> > Sent: Friday, December 29, 2006 5:22 AM
> > To: MailScanner discussion
> > Subject: Re: whitelist_to getting exploited
> >
> > On Fri, 2006-12-29 at 19:34 +1000, Res wrote:
> > > On Fri, 29 Dec 2006, Ramprasad wrote:
> > But user-1 wants all mails including spam, not others
> >
> > For eg If I want to allow abuse at mydomain to get all mail
> > without check someone sends a mail To:the_top_man at domain,abuse at domain
> >
> > Then this mail would bypass spam checks and reach
> > the_top_man at domain Obviously this would be a concern to
> > everyone, how are you folks getting over this issue
>
> Mailscanner can't split one message into several and treat them
> differently based on recipient.  Doing so would risk queue filename
> conflicts.

This should be possible to handle....:-).

> But you can have your MTA split messages with multiple recipients into
> one message per recipient -- then each message that mailscanner sees
> only has one recipient.
>
> There are some definite caveats to consider though:
>         - you'll use more bandwidth, since you're
>           delivering multiple copies of a message where
>           before you only delivered one.  This may or may
>           not be significant for you.

With gateway systems (which is a very common setup, after all, of
MailScanner) this is generally not a concern, since you will have a
very much more capable LAN/"internal WAN" link than "internet-facing"
link.
But true enough, it might be a concern... One could limit that (and
the things below) by more restrictive message size constraints (at MTA
level).

>         - you'll increase the number of rows in your
>           mailwatch tables, if you're using mailwatch.
>                 - However, mailwatch 1.x is 'broken' in that
>                   it only records one recipient per message
>                   anyway, so while you're increasing the load
>                   a bit, you also may be saving yourself a
>                   different headache later.

Both these are true, and if I understood how Steve intends to handle
these for multiple recipient mails in 2.0 (fixing the broken behaviour
of 1.x) the first point will continue to be a real concern for sites
with large amounts of messages... Splitting will likely make it one of
your jobs to keep on top of daily. Sigh. One more ...:-). But if one
has a low volume setup, it doesn't matter that much.

>         - you'll increase the number of log entries -- this
>           is probably insignificant.

Agreed.

>         - you'll increase the mailscanner processing load,
>           since e.g. one message may become five messages.

The worst "hog" in MS is SA, and with the SpamAssassin result cache
feature on, you really take the sting out of this one. True, you'll
likely see a bit of load from AV scanners etc, but SA should yield
only the cache fingerprint "cost" and nothing more.

> I used to split all inbound messages.  I wish I still could, but in my
> case I started bumping against the limits of my hardware and opted to
> gain some performance by turning off the splitting.

Do you by any chance run BDC still? It can "hurt" things bad... Or do
you have a lot of BLs in MS? That could well be "hurtful" too,
depending on what limit you encounter... Or was it the MW bit you
mention? Hopefully 2.0 will make a lot of difference there:-)

Anyway, as said, just a few random comments from a mind definitely
still on holiday leave:-)
Best Regards & Happy New Year!
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
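
Added example, not part of the message above and not MailScanner code: a small Python model of the issue discussed in the thread, where a whitelisted recipient sharing an envelope exempts the other recipients from spam checks, and of the per-recipient split proposed as the fix. It assumes the whitelist decision is made once per message as the thread describes; the addresses, queue ids and function names are constructed for illustration.

```python
# Added illustration: per-message whitelist_to decision vs. per-recipient split.
from dataclasses import dataclass

WHITELIST_TO = {"abuse@example.com"}  # assumed: recipients exempt from spam checks

@dataclass(frozen=True)
class Envelope:
    queue_id: str
    sender: str
    recipients: tuple

def norm(addr):
    return addr.strip().strip("<>").lower()

def exempt_per_message(env):
    """Per-message decision: one whitelisted recipient exempts every copy."""
    return any(norm(r) in WHITELIST_TO for r in env.recipients)

def piggybacked(env):
    """Recipients that skip checks only because a whitelisted address shares the envelope."""
    rcpts = [norm(r) for r in env.recipients]
    if not any(r in WHITELIST_TO for r in rcpts):
        return []
    return sorted(r for r in set(rcpts) if r not in WHITELIST_TO)

def split_per_recipient(env):
    """Effect of the MTA split: one envelope per recipient, decided separately."""
    seen = dict.fromkeys(norm(r) for r in env.recipients)
    return [Envelope(f"{env.queue_id}-{i}", env.sender, (r,))
            for i, r in enumerate(seen, 1)]

def scan_plan(env):
    """Map recipient -> True if spam checks run for that copy after splitting."""
    return {e.recipients[0]: not exempt_per_message(e)
            for e in split_per_recipient(env)}

# Constructed sample envelopes (not taken from any real log).
SAMPLES = [
    Envelope("Q1", "a@sender.example", ("<Abuse@example.com>", "the_top_man@example.com")),
    Envelope("Q2", "b@sender.example", ("abuse@example.com",)),
    Envelope("Q3", "c@sender.example", ("the_top_man@example.com", "staff@example.com")),
]

if __name__ == "__main__":
    for env in SAMPLES:
        print(env.queue_id, "exempt:", exempt_per_message(env),
              "piggybacked:", piggybacked(env), "after split:", scan_plan(env))
```

A non-empty `piggybacked` result marks a message worth flagging on an unsplit gateway; `scan_plan` shows that after splitting only the whitelisted address itself skips the checks.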
