Re: Bug#207300: tmda: Challenge-response is fundamentally broken
On Sat, Aug 30, 2003 at 11:49:40PM +0000, Brian May wrote:
> On Sat, Aug 30, 2003 at 04:01:19PM +1000, Russell Coker wrote:
> > > That is the idea behind autoresponders after all, to tell the sender
> > > that his mail didn't get through because it didn't meet some required
> > > criteria.
> > An SMTP 550 code can convey all the information that is needed for bounces.
> There are two problems with this.
> 1. The modular design of SMTP agents like postfix does not allow
> scanning of messages before the message has been accepted by the
> MTA at the SMTP session. I think you would have to add hooks
> into smtpd, but that is going to complicate the code.
postfix header_checks and body_checks check the message *before* it is accepted
by the MTA. if it fails the test, a final 5xx reject code is issued rather
than a 2xx "accepted" code.
recent experimental versions of postfix also allow the same thing to be
done with content-filters, although use of this feature is not recommended
by Wietse due to the time it takes for a filter like spamassassin to run - there
is a risk of smtp timeouts, especially on busy servers.
> 2. All checks have to be automatic, and there is no chance of manual
> review to ensure that the messages were genuine before bouncing them.
> The list of known solutions follows:
actually, the known solution is:
- reject if you possibly can, tag and deliver otherwise.
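
An added illustration, not part of the original message and not Postfix code: a small Python model of the in-session decision described above, where a header match either ends the SMTP transaction with a 5xx reply or tags the message and lets it through. The rule table, sample messages, and function names are constructed for this example, and the matching is a simplified stand-in for header_checks-style tables.

```python
import re
from email import message_from_string

# Constructed rules in the "/pattern/ ACTION text" layout of header_checks(5).
TABLE = """\
/^Subject:.*make money fast/   REJECT spam subject
/^X-Mailer:.*BulkSender/       PREPEND X-Spam-Flag: YES
"""

def load_rules(table):
    rules = []
    for line in table.splitlines():
        m = re.match(r"^/(.+)/\s+(\S+)\s*(.*)$", line.strip())
        if m:
            # Postfix regexp tables match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.I), m.group(2), m.group(3)))
    return rules

def smtp_verdict(raw, rules):
    """Return (reply_code, reply_text, message_to_deliver_or_None)."""
    tags = []
    for name, value in message_from_string(raw).items():
        header = f"{name}: {value}"
        for pattern, action, text in rules:
            if not pattern.search(header):
                continue
            if action == "REJECT":
                # Refused inside the SMTP session: nothing is queued, so the
                # receiver never has to mail a bounce to a forgeable sender.
                return 550, text, None
            if action == "PREPEND":
                tags.append(text)
            break  # first matching rule wins for this header line
    # Could not reject: accept, tag, and deliver.
    return 250, "Ok", "".join(t + "\n" for t in tags) + raw

RULES = load_rules(TABLE)
SPAM = "From: a@example.com\nSubject: Make Money Fast today\n\nbody\n"
BULK = "From: b@example.com\nX-Mailer: BulkSender 2.0\nSubject: hi\n\nbody\n"
CLEAN = "From: c@example.com\nSubject: bug report\n\nbody\n"

if __name__ == "__main__":
    for label, msg in (("spam", SPAM), ("bulk", BULK), ("clean", CLEAN)):
        code, text, delivered = smtp_verdict(msg, RULES)
        print(label, code, text, "delivered" if delivered else "not queued")
```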