james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bernd Fondermann" <bernd.fonderm...@googlemail.com>
Subject Re: Milestone from trunk
Date Mon, 05 May 2008 07:24:48 GMT
On Mon, May 5, 2008 at 12:43 AM, Serge Knystautas <sknystautas@gmail.com> wrote:
> On Sun, May 4, 2008 at 8:47 AM, Bernd Fondermann
>  <bernd.fondermann@googlemail.com> wrote:
>  > On Sat, May 3, 2008 at 1:43 PM, Noel J. Bergman <noel@devtech.com> wrote:
>
> >  >  See above regarding Postage.  And keep in mind that I've used Postal and
>  >  >  Rabid for isolated testing in the past, but it (too) is not sufficient.
 We
>  >  >  need the real world exposure.
>  >
>  >  Every test setup has its pros and cons. Unit test have a specific use,
>  >  so have isolated, reproducible functional or load tests.
>  >
>  >  Nancy (solaris zone, that is ;-)) has the disadvantage that it
>  >  probably will reveil some bugs/problems which are not (easily)
>  >  reproducible because we don't control the test data/load. This would
>  >  make some people with proper knowledge of testing not call it a
>  >  'test', more an  'experiment'. I think it's worthwhile anyway, but
>  >  you'd have to fall back to other tests after running into that certain
>  >  family of seldom problems.
>  >
>  >  I seem to have a hard time pitching Postage (which I actually wrote
>  >  after - or better because of - working with Postal and Rabid), which
>  >  allows to use specialized message factory objects. Write a custom
>  >  factory for every specific mail which leads to a specific false
>  >  behavior inside the Server. This makes Postage a fit for any kind a
>  >  functional test you might (have to) come up with.
>
>  IMO there's a trust that's needed that some random spam monkey can't
>  send a few wrong characters and cripple your mail server at 3am and
>  ruin your saturday night.  This arguably has to be created by
>  surviving in a cruel unsheltered world.

You are describing a localizable problem (dealing with bad character
input). Perfect for unit testing.
And yes, I agree, for detection, Nancy could be useful. Or a
randomized byte stream.

>  In terms of getting more useful data from that test install, I bet
>  someone who knows unix pretty well could write a way to log all
>  incoming port 25 traffic so we could get some real world attack
>  vectors/invalid mime messages/random junk.

That would be a lot of help. And a lot of data. And you still wouldn't
see problems produced by the timing of data sent (unless you record
and replay this, too).

  Bernd

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message