Based on my tests less then half of mail servers will accept 500 error
after data command (those are mostly the ones that support limits on size
of emails - SIZE ESMTP extension I believe). The trick that has been used
is to issue RSET command to reset the session to beginning (which is more
widely accepted) even at DATA and then bounce with 500 or to simply
disconnect (before end of transmission, which would cause calling email
server to try again). But that you can't easily bounce email and filter
during DATA transmission is very unfortunate and puts many email filters
in the position of returning unwanted email (to FROM command, which is
often invalid and thus wasting servers resources) instead of bouncing it
at the transmission.
My review of solutions shows that most would require additions to SMTP
such that email server can not make a decision after RCPT and TO command
and only can do it either after all headers are received or after main
body of email is received. What I really would like is ability for
receiving mail server to get data or parts of it (particular header,
mime structure of the email, particular mime object) out of band before
making final decision on accepting or rejecting entire email.
Also I do not agree that DATA is < 1/2 of the amount of transmission for
each email. It is true for all those small emails we often sent to each
other (which almost all are not spam) but for larger emails that have
larger chance of being spam or virus, DATA portion takes well over 75% of
total packet count.
On Wed, 12 Mar 2003, Vernon Schryver wrote:
From: wayne <wayne(_at_)midwestcs(_dot_)com>
... However, it was my understanding that qmail
didn't do much validation on the RCPT TO, the validation would come
much later.
Also in common sendmail configurations, such as when you want to
excempt some recipients such as postmaster from access_DB filters.
See http://www.google.com/search?q=sendmail+delay+checks
Anyway, my points were that reporting errors was important because you
want false positives to be reported and it doesn't hurt the spammer
much by not reporting errors. Also, validating early is better
because you waste less bandwidth, and you can force the sending MTA to
do the bounce.
If the sending MTA is standards compliant, you can force it to do the
bounce provided you say 5yz at any time in the transaction including
the very last bits of the transaction.
If you count bits including the DNS lookups for the IP address, HELO
value, Mail_From domain name, and Rctp_To domain names, any IDENT
checks, and DNS blacklists, you often find that the bandwidth required
to process that DATA command and receive the body is less than half
of the total. Stopping before the DATA command is often not much of
a bandwidth savings except for worms and legitimate mail, and you can't
stop the first before the DATA command and don't want to stop at all
for the second.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg