From: Anthony Howe
Date: 2006-03-09 05:17:41 -0500
Subject: Re: "... 50 thousands tears I've cried" - Snert Milter

Grant Taylor wrote:
> I agree that the clueless sites that (for whatever reason) reject
> the Null Reverse Path "<>" email address should be shot but they do
> still exist.  However rather than just starting with ""postmaster you
> might consider attempting to send the email from the NRP first and
> then fall back to the ""postmaster email address if the NRP was
> rejected for some reason.  If you did try the NRP first and then fall

Something similar was mentioned by someone else, but frankly I don't 
fancy doubling the number of tests (and possible reconnects) from 2 to 4 
during an SMTP call-back session. The French ISP ovh.net (and some 
others) will drop the connection after an unknown recipient error (or 
any other error). Given I do a false address test followed by the target 
address, that requires two connections for what should have been 
possible in one. Essentially testing with MAIL FROM:<> followed by MAIL 
FROM:<postmaster@...> if the first two failed just complicates the code 

> back to the ""postmaster address you could easily log the fact that
> the NRP did not work thus providing evidence for someone that wanted
> to parse logs and send a canned email to
> postmaster@clueless-domain.tld informing them of their cluelessness.
> I personally would write a simple shell script that would watch the
> maillog (tail -F $MAILLOG | fgrep $NRPWarningString |
> $B----SmackSomePostmaster) and inform the postmaster of the offending
> domain.  Of course you would need to have some sort of history of who
> you have BSmacked so you would not do it too often and upset them and
> thus be considered abusing email...  You get the point.

While I agree in educating the RFC clueless, their numbers are growing 
faster than I have the time or patience to deal with. I also found that 
most users of my software don't want to deal with the extra time 
involved in educating the clueless. They prefer some automated way to 
deal with them: reject, accept, grey-list, or detect. In most cases I 
fall back on grey-list. MxCallBackAsPostmaster attempts to avoid the 
problem and still get a useful answer.

> Also I would be tempted to request that you default to postmaster but
> still provide a way to change the email address used.  I know that I

NO! ABSOLUTELY NOT! MAIL FROM:<> was put into the RFC for a reason: to 
provide a mechanism for automated server-to-server exchanges WITHOUT 
generating mail loops. Using <postmaster@...> like <> required some 
changes in milter-sender policy and because of certain requirements in 
the RFCs for accepting <postmaster> and <postmaster@your.domain> I was 
willing to try it.

If you start farting around putting any address in the MAIL FROM: then 
it becomes extremely complicated (I prefer impossible) to handle 
call-back loop detection properly.

Consider what happens when two call-back sites talk to each other and 
make their call-backs using arbitrary MAIL FROM: addresses other than 
MAIL FROM:<> or MAIL FROM:<postmaster@our.site>. You'll end up with a 
nice infinite loop unless one of those call-back implementations is 
sufficiently smart to detect the situation.

Other than milter-sender, I doubt many call-back implementations go to 
the extremes that I do already to handle the variety of cases (maybe 
Postfix might as they have an option for MAIL FROM:<postmaster...> in 
call-backs). I don't relish the thought of using arbitrary MAIL FROM: 
addresses in the call-back and detecting loops. I think I'd prefer just 
to block RFC clueless sites at that juncture.

> would be tempted to create an account just for this purpose (say
> "milter-sender@..." or the likes) rather than use postmaster which
> has its own special purpose already.
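
The call-back loop described in the message above, modelled as an added example that is not part of the original e-mail and is not milter-sender's code. It assumes each site skips its own call-back when the incoming MAIL FROM: is `<>` or `<postmaster@...>`; the domains, local parts and depth cap are constructed for the illustration.

```python
# Toy model: two sites that both verify senders with an SMTP call-back.
# All names, addresses and the depth cap are constructed for this example.

EXEMPT_LOCAL_PARTS = {"", "postmaster"}  # assumed policy: no call-back on <> / postmaster
MAX_DEPTH = 10                           # stand-in for "infinite" in this model


class CallbackLoop(Exception):
    """Raised when nested call-backs exceed MAX_DEPTH."""


class Site:
    def __init__(self, domain, callback_local):
        self.domain = domain
        # Local part this site puts in MAIL FROM: when it makes a call-back.
        # "" means the null reverse path <>.
        self.callback_local = callback_local
        self.peers = {}  # domain -> Site, stands in for an MX lookup

    def callback_sender(self):
        if self.callback_local == "":
            return ""
        return f"{self.callback_local}@{self.domain}"

    def accept_mail_from(self, sender, depth=0):
        """Handle MAIL FROM:<sender>; return the call-back nesting depth reached."""
        if depth >= MAX_DEPTH:
            raise CallbackLoop(sender)
        local, _, domain = sender.partition("@")
        if local.lower() in EXEMPT_LOCAL_PARTS:
            return depth  # automated sender: answer without calling back
        # Verify the sender at its own MX, which in turn sees our MAIL FROM:
        # and may start a call-back of its own.
        return self.peers[domain].accept_mail_from(self.callback_sender(), depth + 1)


def simulate(local_a, local_b):
    """user@a.example mails b.example; both sites do call-backs."""
    a, b = Site("a.example", local_a), Site("b.example", local_b)
    a.peers[b.domain], b.peers[a.domain] = b, a
    try:
        return b.accept_mail_from("user@a.example")
    except CallbackLoop:
        return "loop"


if __name__ == "__main__":
    for pair in [("", ""), ("postmaster", "postmaster"), ("verify", "probe"), ("", "probe")]:
        print(pair, "->", simulate(*pair))
```

With `<>` or `postmaster` on both sides the exchange ends after one call-back; with two arbitrary addresses it never ends, and it ends after two when only one side uses an exempt sender.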

