From: Anthony Howe
Date: 2006-03-09 05:17:41 -0500
Subject: Re: "... 50 thousands tears I've cried" - Snert Milter
More information..: http://www.milter.info/#Support
Grant Taylor wrote:
> I agree that the clueless sites that (for whatever reason) reject
> the Null Reverse Path "<>" email address should be shot but they do
> still exist. However rather than just starting with ""postmaster you
> might consider attempting to send the email from the NRP first and
> then fall back to the ""postmaster email address if the NRP was
> rejected for some reason. If you did try the NRP first and then fall
Something similar was mentioned by someone else, but frankly I don't
fancy doubling the number of tests (and possible reconnects) from 2 to 4
during an SMTP call-back session. The French ISP ovh.net (and some
others) will drop the connection after an unknown recipient error (or
any other error). Given I do a false address test followed by the target
address, that requires two connections for what should have been
possible in one. Essentially testing with MAIL FROM:<> followed by MAIL
FROM:<postmaster@...> if the first two failed just complicates the code
> back to the ""postmaster address you could easily log the fact that
> the NRP did not work thus providing evidence for someone that wanted
> to parse logs and send a canned email to
> email@example.com informing them of their cluelessness.
> I personally would write a simple shell script that would watch the
> maillog (tail -F $MAILLOG | fgrep $NRPWarningString |
> $B----SmackSomePostmaster) and inform the postmaster of the offending
> domain. Of course you would need to have some sort of history of who
> you have BSmacked so you would not do it too often and upset them and
> thus be considered abusing email... You get the point.
While I agree with educating the RFC clueless, their numbers are growing
faster than I have the time or patience to deal with. I also found that
most users of my software don't want to deal with the extra time
involved in educating the clueless. They prefer some automated way to
deal with them: reject, accept, grey-list, or detect. In most cases I
fall back on grey-list. MxCallBackAsPostmaster attempts to avoid the
problem and still get a useful answer.
> Also I would be tempted to request that you default to postmaster but
> still provide a way to change the email address used. I know that I
NO! ABSOLUTELY NOT! MAIL FROM:<> was put into the RFC for a reason: to
provide a mechanism for automated server-to-server exchanges WITHOUT
generating mail loops. Using <postmaster@...> like <> required some
changes in milter-sender policy and because of certain requirements in
the RFCs for accepting <postmaster> and <firstname.lastname@example.org> I was
willing to try it.
If you start farting around putting any address in the MAIL FROM: then
it becomes extremely complicated (I prefer impossible) to handle
call-back loop detection properly.
Consider what happens when two call-back sites talk to each other and
make their call-backs using arbitrary MAIL FROM: addresses other than
MAIL FROM:<> or MAIL FROM:<email@example.com>. You'll end up with a
nice infinite loop unless one of those call-back implementations is
sufficiently smart enough to detect the situation.
Other than milter-sender, I doubt many call-back implementations go to
the extremes that I do already to handle the variety of cases (maybe
Postfix might as they have an option for MAIL FROM:<postmaster...> in
call-backs). I don't relish the thought of using arbitrary MAIL FROM:
addresses in the call-back and detecting loops. I think I'd prefer just
to block RFC clueless sites at that juncture.
> would be tempted to create an account just for this purpose (say
> "milter-sender@..." or the likes) rather than use postmaster which
> has its own special purpose already.
Anthony C Howe Skype: SirWumpus SnertSoft
+33 6 11 89 73 78 AIM: SirWumpus Sendmail Milter Solutions
http://www.snert.com/ ICQ: 7116561
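The call-back loop described in the message above, as a small simulation. This is an added example, not part of the original message and not milter-sender's code. The site names, the `verify` probe address and the depth cap are constructed, and the exemption rule assumes each site skips the call-back when it sees `<>` or a `postmaster` sender.

```python
"""Toy model of SMTP call-back (sender verification) between two sites.
Constructed example: domains and probe addresses are made up."""

MAX_DEPTH = 20  # safety cap; reaching it means the exchange never terminated


class Site:
    def __init__(self, domain, probe_local):
        self.domain = domain
        # Envelope sender used for outbound call-back probes:
        # None -> MAIL FROM:<>, otherwise MAIL FROM:<probe_local@domain>
        self.probe_local = probe_local

    def probe_sender(self):
        if self.probe_local is None:
            return ""
        return f"{self.probe_local}@{self.domain}"

    @staticmethod
    def exempt(sender):
        # Assumed policy: the null reverse path and postmaster are never
        # called back, which is what stops two call-back sites from looping.
        return sender == "" or sender.split("@", 1)[0].lower() == "postmaster"


def connections(network, receiver, mail_from, depth=0):
    """Count the call-back connections triggered when `receiver` sees
    MAIL FROM:<mail_from>. A result of MAX_DEPTH means a loop."""
    if Site.exempt(mail_from) or depth >= MAX_DEPTH:
        return depth
    origin = network[mail_from.split("@", 1)[1]]
    # receiver connects to origin's MX and sends its own probe MAIL FROM,
    # which origin may in turn try to verify with a call-back of its own.
    return connections(network, origin, receiver.probe_sender(), depth + 1)


def simulate(probe_local):
    """Both sites use the same probe policy; a.example mails b.example."""
    a = Site("a.example", probe_local)
    b = Site("b.example", probe_local)
    network = {a.domain: a, b.domain: b}
    return connections(network, b, "user@a.example")


if __name__ == "__main__":
    for policy in (None, "postmaster", "verify"):
        n = simulate(policy)
        label = "<>" if policy is None else f"<{policy}@...>"
        print(f"probe MAIL FROM:{label}: {n} call-back(s)"
              + (" (loop, capped)" if n >= MAX_DEPTH else ""))
```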