ietf-mta-filters
[Top] [All Lists]

Re: draft-elvey-refuse-sieve-02.txt

2004-08-10 17:04:37

Cyrus Daboo wrote:
Kjetil Torgrim Homme wrote:
I think "reject" should be deprecated.  it is never appropriate to send
an MDN.  the tests available in Sieve today are not sufficient to have
any chance of avoiding being an accomplice in a joe-job attack.

Well what is the difference between a DSN and an MDN joe-job? The reality 
is that even refuse suffers from this problem as there are several cases 
where refuse results in a DSN joe-job (in fact I think it will be the 
majority of cases). The only way to really address this is to only allow 
discard.

yes, as it stands, few mail clusters will be able to do this right, but
it would be nice if we made it possible.  Sieve is today typically run
by the MDA only, and a refuce in the LMTP dialogue is as you imply of
little value.  this extension should allow the MTA to run the Sieve
script, _in_addition_to_ the MDA.  this way, we can do the refuse on the
border and avoid the DSN joejob problem (or at least drastically
minimise it).

Also this assumes that you are only using sieve for spam filtering, but 
there are other legitimate uses for it!

but the legitimate uses are wide open for attack.  I'm getting really
tired of "Thank you for contacting Acme customer service.  You've been
assigned ticket #4378353."

-- 
Kjetil T.


<Prev in Thread] Current Thread [Next in Thread>