[IRCServices] Email forwarding

[Jonathan Morton]

>>What part of this is open to resource attacks?
>
>/ns set email some-domain at that.doesnt.resolve
>/ns sendpass
>
>Lather, rinse, repeat and watch sendmail choke.

Depends heavily on your choice of MTA.  Sendmail may behave like this but
Exim [http://www.exim.org/] sure doesn't...  however putting limits on is
still a good idea due to the extra resources consumed by having N number of
Exim processes waiting for their domain resolvers.  However, you still need
some method of dealing with bounce messages - /dev/null sounds just perfect
here.

Domain resolving can be partially mitigated by running one's own
caching-only DNS server, which is listening only on the localhost interface
and not to anything externally visible.  However I have to agree that
running DNS lookups for every user would be far too much for a single
process to handle.  The IRCd already does this, so IP information should be
given out as and when available rather than Services having to figure it
all out for itself.

(In case you were wondering, I rather like Exim - readable config files,
completely bulletproof, and regularly maintained.  I use it, my university
uses it - come to that, most UK universities use it - and I've not had any
trouble with it.  I can't say the same for those people I know to be using
Sendmail.)

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi at cyberspace.org  (not for attachments)
big-mail: chromatix at penguinpowered.com
uni-mail: j.d.morton at lancaster.ac.uk

The key to knowledge is not to rely on people to teach you it.

Get VNC Server for Macintosh from http://www.chromatix.uklinux.net/vnc/

-----BEGIN GEEK CODE BLOCK-----
Version 3.12
GCS$/E/S dpu(!) s:- a20 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS
PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r- y+
-----END GEEK CODE BLOCK-----