[milters] Archive

Lists Index Date Thread Search

Article: 264
From: April Lorenzen
Date: 2004-11-29 09:45:07 -0500
Subject: Re: milter-mole

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support

The SIQ (Server Index Query) protocol is just a protocol for an inbound
server to query an external - LAN or remote - "reputation" server - with
no implication of the methodology or (as Anthony points out) the quality
of the response.

Anthony created the C version of a milter for the SIQ protocol - there was
already a python milter.  Anthony also substantially contributed to
improving the SIQ protocol as well as writing the technical parts of the
IETF Internet draft for SIQ protocol. The protocol anticipates usage by
any number of independent, public, private, free, fee, etc services. The
SIQ protocol is to domain+ip reputation services, what DNSBL query format
is to blacklists. As Anthony hopes: one standard, many unrelated service

The Outbound Index (which happens to use SIQ protocol as a delivery
mechanism) is an effort to provide useful facts about servers and domains
that are active in the email system - in a format useful to email
administrators for accepting, rejecting, tempfailing and especially
sorting mail.

This goes beyond duplicating the way a seasoned admin would make decisions
based on blacklists and milters. Using a system shared by a number of
admins means that data about domains and IP actively in use *for sending
mail* is likely to be cached when you ask for it. And we don't know of any
(other) milter or blacklist yet available to the seasoned admin which
reports similar longevity / stability / security / identity factors of
domains or outbound server IPs.

The admin is still the expert - he determines the mix of factors and
scoring that fits his own standards, by using a web interface to set how
his queries will be processed by the Outbound Index. Anthony, as a milter
writer, has the view that all configuration should be done in the milter,
and one can alter and update the milter if one wants to make changes.

Petru Paler and I, who created the Outbound Index, believe that the milter
should be essentially a dumb query client, just carrying out the possible

 - accept, reject, tempfail or accept and modify subject and/or add flags
in headers for sorting

while all changes to configuration, thresholds, scoring, adding new /
modifying criteria /factors / tests - should take place only in the query
server under the control of individual admins via web interface -
preventing the need to make any changes to the milter (query client) on
the inbound mail server.

So if you have 50,000 deployed milters - a new feature or bugfix is
applied on maybe 5 query servers and immediately available to the 50,000
milter users - without risking their inbound servers by making a software
change in their server, and with about 10,000 times fewer man-hours of
work. While one could argue that changing the query server creates the
risk of errors in the queries, the failure mode is acceptance and delivery
of mail same as if the SIQ server didn't exist. And again, a bug-re-fix
takes effect without pushing updates or requring 50,000 local admins to
get notified / take action.

The SIQ protocol is flexible enough to support either type of
implementation - "dumb" milter / query client, or "dumb" query server.


- April Lorenzen


> So, as I have grown to understand from the reading that I've done and from
> your email below,
> the effort behind SIQ is to create an expert system that is able to reason
> whether or not an
> email is crap or not.  Better than filtering, an expert system is adeptly
> honed to be able to
> mimic the choices for letting valid email through that a seasoned,
> experienced postmaster
> conjures up with an assortment of blackhole lists and milters.
> Am I getting warm in my interpretation?
> Thanks,
> Jeff G.

Lists Index Date Thread Search