On Mon, May 5, 2008 at 12:43 AM, Serge Knystautas <[EMAIL PROTECTED]> wrote: > On Sun, May 4, 2008 at 8:47 AM, Bernd Fondermann > <[EMAIL PROTECTED]> wrote: > > On Sat, May 3, 2008 at 1:43 PM, Noel J. Bergman <[EMAIL PROTECTED]> wrote: > > > > See above regarding Postage. And keep in mind that I've used Postal and > > > Rabid for isolated testing in the past, but it (too) is not > sufficient. We > > > need the real world exposure. > > > > Every test setup has its pros and cons. Unit test have a specific use, > > so have isolated, reproducible functional or load tests. > > > > Nancy (solaris zone, that is ;-)) has the disadvantage that it > > probably will reveil some bugs/problems which are not (easily) > > reproducible because we don't control the test data/load. This would > > make some people with proper knowledge of testing not call it a > > 'test', more an 'experiment'. I think it's worthwhile anyway, but > > you'd have to fall back to other tests after running into that certain > > family of seldom problems. > > > > I seem to have a hard time pitching Postage (which I actually wrote > > after - or better because of - working with Postal and Rabid), which > > allows to use specialized message factory objects. Write a custom > > factory for every specific mail which leads to a specific false > > behavior inside the Server. This makes Postage a fit for any kind a > > functional test you might (have to) come up with. > > IMO there's a trust that's needed that some random spam monkey can't > send a few wrong characters and cripple your mail server at 3am and > ruin your saturday night. This arguably has to be created by > surviving in a cruel unsheltered world.
You are describing a localizable problem (dealing with bad character input). Perfect for unit testing. And yes, I agree, for detection, Nancy could be useful. Or a randomized byte stream. > In terms of getting more useful data from that test install, I bet > someone who knows unix pretty well could write a way to log all > incoming port 25 traffic so we could get some real world attack > vectors/invalid mime messages/random junk. That would be a lot of help. And a lot of data. And you still wouldn't see problems produced by the timing of data sent (unless you record and replay this, too). Bernd --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
