james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amichai Rothman (JIRA)" <server-...@james.apache.org>
Subject [jira] Commented: (JAMES-777) Race condition and randomness in configured hello name
Date Fri, 06 Apr 2007 15:25:32 GMT

    [ https://issues.apache.org/jira/browse/JAMES-777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12487249

Amichai Rothman commented on JAMES-777:

Thanks - that should do it. I still think it's confusing to have this many variables involved
in a single configuration string... ppl who'll lose the race (condition) will have all sorts
of problems, and waste much time investigating them as I have (and apparently others before
me), until they find this workaround... much time, frustration and code has been, and will
be, wasted by this. A simple well documented heloName parameter in RemoteDelivery could solve
all this cleanly. But the working workaround is a good start :-) I'll be waiting for it's

> Race condition and randomness in configured hello name
> ------------------------------------------------------
>                 Key: JAMES-777
>                 URL: https://issues.apache.org/jira/browse/JAMES-777
>             Project: James
>          Issue Type: Bug
>          Components: James Core, Remote Delivery, SMTPServer
>    Affects Versions: 2.3.0
>            Reporter: Amichai Rothman
> The RemoteDelivery mailet suffers from a race condition in determining the helo name
to use in its SMTP sessions. If the SMTPServer happens to be fully initialized before RemoteDelivery
is initialized, the helo name, which is set by the SMTPServer's initialization code as a mailet
context attribute, is used correctly. 
> However this is not guaranteed by the code, as a race condition can cause this attribute
to be accessed by RemoteDelivery before SMTPServer initialized it. In this case, the default
domain attribute is used instead. This attribute, in turn, is set randomly to whatever happens
to be the first element of the iterator on the server names set. This is a HashSet so the
iterator order is not well defined, and effectively this chooses a random entry in the servernames
(plus IP addresses if autodetectIP is set to true in the configuration).
> To sum it up, the  helo name used by RemoteDelivery is randomly selected as either the
configured SMTP helo name, any of the configured servernames, or any of their IP addresses.
> note: the "TODO: CHANGE ME!!!" comment in RemoteDelivery.java appears to have predicted
part of this problem (though the randomness of the default domain attribute may have consequences
> While this by itself may not sound too critical, it unfortunately can cause a DNS mismatch
between the helo name (or address) and the actual server lookup, which many spam mechanisms
consider enough for the server to be put it on a very popular spam blacklist, resulting in
denial of service (spam-filter-wise) of the entire mail server.
> recommendation:
> 1. fix the default domain randomness (for example, taking the first form the server names
list, in the order they appear in configuration, would give a consistent and backward compatible
solution. The effects of the default domain attribute should be documented as well.
> 2. If possible, make a proper wait/notify mechanism for RemoteDelivery to start only
when SMTPServer is fully initialized.
> 3. Otherwise, skip the race condition and/or heuristics and just give RemoteDelivery
it's own explicit helo name configuration parameter.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message