From: Wietse Venema (wietseporcupine.org)
Date: Wed Sep 19 2007 - 11:47:42 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Victor Duchovni:
> On Wed, Sep 19, 2007 at 12:11:07PM -0400, Wietse Venema wrote:
>
> > > I take that as a very qualified yes. The code in question would I think be
> > > confined to the mime_state engine, which given a new flag (optionally, but
> > > by default enabled in cleanup) would look for "true" 8bit octets in the
> > > bodies of MIME entities with a CTE of "8bit". If no such octets are found,
> > > the message-level encoding is 7bit, even if the sender (via BODY=8BITMIME
> > > in MAIL FROM:) or CTE headers in one or more non-composite MIME parts
> > > signaled possible 8bit content.
> >
> > I forgot to mention performance - if a workaround impacts performance,
> > then it should not be enabled by default.
>
> Well, all characters of the input are already compared with <CR> and
> <LF> to detect line endings. It seems unlikely that checking the high
> bit would impose a noticeable additional cost.

Bit tests are more expensive than comparisons. Postfix tries to
minimize the number of per-byte comparisons on message body content,
and I see no need to double the cost just to find out if someone
elses software sends broken mail.

If people are concerned that Postfix will convert their mail when
talking to a retarded MTA, then they can specify

        disable_mime_output_conversion = yes

This way they save the developers a lot of time, and their users
a lot of grief.

Also, keep in mind that there is going to be a lot of real 8BIT
mail, and that it is going to be signed as 8BIT mail, and that
people will have their signatures broken anyway.

In that light, adding a test for bogus 8bit declarations just
adds cost to Postfix, and doesn't really make a difference
because real 8BIT mail will be broken anyway.

> > > This is somewhat comparable in cost to a regexp check on each line of
> > > body content, except that base64 and QP content is always uninspected
> > > (cheaper) while 8bit content is inspected in its entirety (not just the
> > > first $body_checks_size_limit octets, more expensive).
> >
> > Postfix by default disables features such as header/body_checks,
> > 8strict_8bitmime, message_strip_characters, message_reject_characters
> > and so on because they increase the cost of handling mail for
> > everyone.
>
> As the main benefit of avoiding unnecessary 8-7 conversion is for signed
> email, this feature can be disabled by default, with those doing signing
> encouraged to enable it, and thus avoid unnecessary conversions or possible
> signature failures downstream.
>
> I am not overly concerned about the default behaviour just yet, what is
> your take on feasibility or wisdom?

I don't think that Postfix should by default jump hoops just on
the odd chance that it will receive mail from a broken client, and
just on the odd chance that it will talk to some retarded MTA.

As people discover who is causing their signatures to break, I hope
that pressure will build up for the maintainers of these retarded
systems to fix their software. More likely, MTA operators will learn
how to disable MIME conversions on the sending side, just to keep
their users happy.

        Wietse

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]