>>>>> "Jason" == Jason L Tibbitts <tibbs@hpc.uh.edu> writes:
>>>>> "MR" == Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:
MR> The backup here is useful all-around. Refuse to process
MR> messages from the same "user" more than once a
MR> <configurable-time, about 5 minutes>.
Jason> Simply not acceptable. Most of the time an auth key comes
Jason> back sooner than that. I often get a bunch of legitimate
Jason> requests from a user in separate messages.
I have not installed the 1.94 YET, so I can not comment on how easy
this is get around.
Perhaps, I will rephrase my suggestion:
refuse to generate a response based on input from the same
"user" more than every five minutes
This implies a queuing system in majordomo. I've been through the
debates on this on numerous times on this list, so I'm . It would help
the CC:mail no such user meltdown that happens on occasion though if
it were applied to resend as well. It might also reduce the ability to
spam mailing lists.
I would tend to say that a third message within 5 minutes causes
exponential backoff. Actually, I'd like to put this logic into the
sendmail queuing function.
Jason> Some method of limiting n requests from a user in m minutes
Jason> might be a good idea, but all of this requires keeping
Jason> state, preferably in a database to make this kind of thing
Jason> reasonable for high traffic sites (which you must always
Jason> consider in deciding if and how to implement any feature).
Jason> Not always easy to do with perl4.
Agreed.
Jason> As always, providing code will speed adoption and
Jason> implementation.
I think I skipped over some dicussion about how to go about
"branching" 1.94 in order to start on 2.0. I'd like to suggest CVS 1.8
over SSH as a very good solution.
:!mcr!: | Network security consulting and
Michael Richardson | contract programming
WWW: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html";>mcr@sandelman.ottawa.on.ca</A>. PGP key available.
Follow-Ups:
|
|
