[Asrg] where the message originated (was: DKIM role?) (SM)

Ian Eiloart iane at sussex.ac.uk
Tue Jan 20 03:30:33 PST 2009



--On 20 January 2009 08:34:51 +0100 Alessandro Vesely <vesely at tana.it> 
wrote:

> Daniel Feenberg wrote:
>> On Mon, 19 Jan 2009, Paul Russell wrote:
>>> On 1/19/2009 10:38 AM, Ian Eiloart wrote:
>>>> 1. You can bounce selectively.
>>>
>>> I know that sendmail can be configured to accept for one recipient and
>>> reject for another recipient.
>>
>> Sendmail can selectively reject recipients while processing "RCPT TO:"
>> commands, but not after the header and body are received.
>> [...]
>> As I understand it, this is a consequence of the SMTP
>> protocol, and not something that sendmail can program around.
>
> Given a set of recipients (r1, r2, ..., rn) the server can partition it
> in subsets that have homogeneous filtering recipes. It does that in
> steps. Each step consists in responding 250 for r1 and any other
> recipient with identical filtering, 4xx to the rest.

Yes, that's the scheme I was referring to. It can be implemented with my 
MTA - Exim. However, if any filter subset doesn't want the message, then 
you should give a 5yz response after seeing the body. RFC2821 says that the 
sending MTA "SHOULD not again attempt delivery to the same server without 
user review and intervention of the message". 
<http://www.apps.ietf.org/rfc/rfc2821.html#sec-4.2.5> I guess most MTAs 
aren't RFC2821 compliant in that respect.

RFC 5321 says the client "may either return it to the user or requeue it 
for a subsequent attempt". That's an improvement, but at best there's no 
guarantee that members of the second and subsequent subsets will ever see 
the message. If they do, it will be after a delay that many people find 
unacceptable. 2821 and 5321 both say retry intervals should be at least 30 
minutes, but that might be unusual. Exim's default policy is every 15 
minutes for the first two hours, for example, then at decreasing intervals. 


If the number of subsets is large enough, you may even exceed the retry 
timeout on the sending MTA, so a large site had better not have too many 
filter recipes. The limit would be about 30 different filter recipes when 
the sending server is using Exim's default retry policy. 
<http://www.exim.org/exim-html-current/doc/html/spec_html/ch07.html#SECID57>.

30 recipes lets you give your user four binary, or three ternary options. 
Even if they say "don't filter" to all of those options, they can still lose 
email if the first recipient has enabled filtering, and the sending server 
is RFC2821 compliant.







-- 
Ian Eiloart
IT Services, University of Sussex
x3148
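
The scheme discussed in this message, as an added example that is not part of the original post: a simplified Python model in which each delivery attempt accepts one filter-recipe subset (250) and defers the rest (4xx). It assumes the sender uses Exim's default retry rule `F,2h,15m; G,16h,1h,1.5; F,4d,6h`; the function and parameter names are hypothetical, and the recipients are constructed sample data.

```python
# Added example: simplified model of per-recipe partitioning across SMTP retries.
# Assumption: sender retries per Exim's default rule "F,2h,15m; G,16h,1h,1.5; F,4d,6h".
RULES = (("F", 120, 15), ("G", 960, 60), ("F", 5760, 360))  # kind, cutoff (min), interval (min)
G_FACTOR = 1.5  # growth factor of the geometric ("G") rule


def attempt_times(rules=RULES):
    """Minutes after the first attempt (time 0) at which the sender tries again."""
    times, now, final = [0.0], 0.0, rules[-1][1]
    for kind, cutoff, step in rules:
        while now < cutoff and now + step <= final:
            now += step
            times.append(now)
            if kind == "G":
                step *= G_FACTOR
    return times


def simulate(recipients, recipe_of, rejecting=(), retry_after_5yz=False, times=None):
    """Per attempt: 250 for the first pending recipient and all who share its
    recipe, 4xx for the rest. Returns ({recipient: minutes, or None if that
    subset's filter refused the body}, [recipients never offered the message])."""
    times = attempt_times() if times is None else times
    pending, outcome = list(recipients), {}
    for t in times:
        if not pending:
            break
        recipe = recipe_of[pending[0]]
        subset = [r for r in pending if recipe_of[r] == recipe]
        pending = [r for r in pending if recipe_of[r] != recipe]
        refused = recipe in rejecting        # this subset answers 5yz after DATA
        for r in subset:
            outcome[r] = None if refused else t
        if refused and not retry_after_5yz:  # sender follows RFC 2821's SHOULD
            break
    return outcome, pending


if __name__ == "__main__":
    recipes = {"u1": "A", "u2": "B", "u3": "A", "u4": "C"}  # constructed sample
    print(len(attempt_times()), "attempts before the retry timeout")
    print(simulate(list(recipes), recipes))                   # delays of 0, 15, 30 min
    print(simulate(list(recipes), recipes, rejecting={"A"}))  # u2 and u4 never see it
```

Under these assumptions the model allows 27 attempts in four days, in line with the "about 30" recipes estimated above.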

