ietf-dkim

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-01 review request

2010-08-17 06:56:33


--On 9 August 2010 16:37:38 -0700 Dave CROCKER <dhc(_at_)dcrocker(_dot_)net> wrote:



On 8/9/2010 3:57 PM, John Levine wrote:
DKIM and ADSP evaluation are not performed during an SMTP session,
unless the session is delayed after the crlf.crlf, and that's not
supposed to happen.

Why not?  My MTA usually does a whole spamassassin run between the end
of data and the ack.  It adds maybe five seconds, at a point where 5321
says the timeout should be ten minutes.


It's considered bad form to hold up senders that way. For one thing, it
adds non-determinacy at a point which can produce retransmissions.

Yep. My experience is that MS Outlook MUA does this, but I think I've only 
ever seen one incident where an MTA did so.

My belief is that best practice is to queue password-authenticated email 
submissions, and bounce later if necessary (but not to bounce to a 
non-local domain). Unauthenticated mail should be scanned at SMTP time, and 
rejected at SMTP time if necessary.

Mail that's authenticated by DKIM could, perhaps, be treated as 
bounceable. However, I think one might only want to apply that rule when 
there's some clear relationship between the RETURN PATH address and the 
signing domain. For example, if the return path address matches the From 
header address, and the From header is DKIM-signed.


I'm sure you're not the only one doing it, but as I recall, the standards
to no institutionalize anything that forces it.

d/



-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
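
The handling rule proposed in the message above, sketched as an added example (not code from the poster or from the list). The function name, the three result labels, the `verified_domains` input (d= values that a separate DKIM verifier is assumed to have reported as passing) and the subdomain-alignment test are assumptions made for illustration; the sample message is constructed.

```python
from email import message_from_string
from email.utils import parseaddr

def dkim_tags(value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def disposition(raw, return_path, smtp_auth=False, verified_domains=()):
    """Return 'queue', 'bounceable' or 'reject-at-smtp' (hypothetical labels).

    verified_domains: d= values an external verifier (assumed, not shown)
    reported as passing; no cryptography is done here.
    """
    if smtp_auth:
        return "queue"            # authenticated submission: bounce later if needed
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    rp = return_path.strip("<>").lower()   # "<>" (null return path) becomes ""
    rp_domain = rp.rpartition("@")[2]
    verified = {d.lower() for d in verified_domains}
    for sig in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(sig)
        d = tags.get("d", "").lower()
        signed = [h.lower() for h in tags.get("h", "").split(":")]
        # Assumption: "clear relationship" means the return-path domain is d=
        # or a subdomain of it, on top of the From match given as the example.
        aligned = rp_domain == d or rp_domain.endswith("." + d)
        if d in verified and "from" in signed and rp and rp == from_addr and aligned:
            return "bounceable"
    return "reject-at-smtp"       # unauthenticated: scan and refuse in-session

# Constructed sample message; bh= and b= are placeholders, not real values.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel;\r\n"
    "\th=From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: Alice <alice@example.org>\r\n"
    "To: bob@example.net\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)
```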
