Re: Secure popen

From: John Viega (viegaat_private)
Date: Thu Jun 21 2001 - 08:08:23 PDT

  • Next message: Glynn Clements: "Re: Secure popen"

    On Wed, Jun 20, 2001 at 10:05:52PM -0300, Rodrigo Barbosa wrote:
    > 
    > Somewhere there has to be one, or sendmail would not be able to
    > deliver the message. But thats pointless anyway.
    
    There does not need to be a local SMTP daemon.  The destination needs
    to have one if the mail is ever to be successfully delivered.  If you
    want to have reliable delivery, then you'll need to be able to queue
    mail if the remote server isn't up.  If the server is up, then you
    need to be able to handle transient errors (ones where an SMTP server
    is expected to queue and retry).  
    
    > Looks like people don't like implementing network code when you have
    > a program that does that for you. I simply don't like executing 
    > other programs directly. Too many things can go wrong ...
    
    I suspect you've never faced this particular problem.  It's a lot
    harder to get it working right if you're doing your own SMTP delivery.
    That's especially true in a CGI-based environment where you're
    probably going to have a single queue, but multiple instances of the
    CGI script might try accessing it at the same time.  Not only do you
    have to manage the complexities of SMTP, but also you need to
    implement a locking scheme.
    
    Note that passing off to an MTA isn't 100% portable.  I believe that
    installs of the qmail MTA don't use a "sendmail" binary anywhere.
    
    John
    



    This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 08:36:15 PDT