
Re: Bug#207300: tmda: Challenge-response is fundamentally broken



On Sat, Aug 30, 2003 at 11:49:40PM +0000, Brian May wrote:
> On Sat, Aug 30, 2003 at 04:01:19PM +1000, Russell Coker wrote:
> > > That is the idea behind autoresponders after all, to tell the sender
> > > that his mail didn't get through because it didn't meet some required
> > > criteria.
> > 
> > A SMTP 550 code can convey all the information that is needed for bounces.
> 
> There are two problems with this.
> 
> 1. The modular design of SMTP agents like postfix does not allow 
> scanning of messages before the message has been accepted by the
> MTA at the SMTP session. I think you would have to add hooks
> into smtpd, but that is going to complicate the code.

not true.

postfix header_checks and body_checks check the message *before* it is accepted
by the MTA.  if it fails the test, a final 5xx reject code is issued rather
than a 2xx "accepted" code.


recent experimental versions of postfix also allow the same thing to be
done with content-filters, although use of this feature is not recommended
by Wietse due to the time it takes for a filter like spamassassin to run - there
is a risk of smtp timeouts, especially on busy servers.


> 2. All checks have to be automatic, and there is no chance of manual
> review to ensure that the messages were genuine before bouncing it.
> 
> The list of known solutions follows:
> 
> (nil)

actually, the known solution is:

 - reject if you possibly can, tag and deliver otherwise.

craig
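
Added example, not part of the original message and not Postfix code: a small Python model of the behaviour described above, where header and body rules are evaluated before the final reply to the message, so a match produces a 5xx reject in the SMTP session and anything merely suspicious is tagged and delivered. The rules, the sample messages, the reply strings and the name `end_of_data_reply` are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed rules in the style of a regexp lookup table: (pattern, action, text).
HEADER_RULES = [
    (re.compile(r"^Subject:.*\bcheap pills\b", re.I), "REJECT", "spam subject"),
    (re.compile(r"^X-Mailer:.*BulkSender", re.I), "PREPEND", "X-Spam-Flag: YES"),
]
BODY_RULES = [
    (re.compile(r"click here to claim your prize", re.I), "REJECT", "spam body"),
]

# Constructed sample messages.
SPAM = "From: a@example.com\nSubject: Cheap pills today\n\nhello\n"
SUSPECT = "From: b@example.com\nX-Mailer: BulkSender 2.0\nSubject: news\n\nhi\n"
HAM = "From: c@example.com\nSubject: lunch\n\nsee you at noon\n"


def end_of_data_reply(raw_message):
    """Return (smtp_reply, message_to_deliver). A rejected message is never
    accepted, so the receiving side has nothing to bounce or challenge later."""
    msg = message_from_string(raw_message)
    tags = []
    # Header rules see one logical (unfolded) header line at a time.
    for name, value in msg.items():
        line = f"{name}: {' '.join(value.split())}"
        for pattern, action, text in HEADER_RULES:
            if pattern.search(line):
                if action == "REJECT":
                    return f"550 5.7.1 {text}", None
                tags.append(text)  # PREPEND: tag and keep going
                break              # first matching rule wins for this line
    # Body rules see one body line at a time.
    for line in msg.get_payload().splitlines():
        for pattern, action, text in BODY_RULES:
            if action == "REJECT" and pattern.search(line):
                return f"550 5.7.1 {text}", None
    tagged = "".join(tag + "\n" for tag in tags) + raw_message
    return "250 2.0.0 Ok", tagged


if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("suspect", SUSPECT), ("ham", HAM)):
        print(label, "->", end_of_data_reply(raw)[0])
```
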


