Re: orbs.org accuses qmail of mailbomb relaying!

[Eric Cox]

"Michael T. Babcock" wrote:
> 
> You've just missed a point of Qmail though.  If a major point of Qmail's existence is
> to provide reliable E-mail delivery, then this _must_ include cooperating with other
> MTAs (without violating standards) at least enough to keep from crashing / giving
> them headaches so that we don't 'encourage' them to lose mail ... (through failures
> of their own).


As long as qmail is going to be expected to handle connection-management 
for remote MTAs, shouldn't we also handle security on the client, rather 
than the server, as well?

In my view, if an MTA crashes, for any reason, it's the MTA's fault - no 
discussion about it.  Doesn't matter how many connections were opened to 
it, or how fast.  If it can't handle more connections, it should start 
refusing them, period.

Another point is that if qmail "fixes" this "problem", it leaves the 
flawed MTAs alone to be crashed by a attacker - they need not fix their 
connection-management problems - they're left in, silently waiting for 
and attacker to exploit. 

Eric