[Top] [All Lists]

Re: draft-ietf-sieve-refuse-reject-07.txt

2008-06-18 18:59:53

On 5/29/08 9:22 AM, Ned Freed wrote:
> <Ned quote me but didn't include a quotation line; please do so in
> future, Ned.>:
>> I disagree.  There is a loophole for an implementer to decide that
>> what he or
>> she feels is preferred is to not bother fulfilling this requirement.
>> It needs
>> to be closed.
> Then you really need to provide better evidence that such a loophole
> exists -
> because I'm not seeing it.

That's funny.  You do see it.  You just don't realize it.  You drove the
LMTP truck through the loophole!! (see LMTP discussion below)  My latest
draft doesn't have the loophole that you've insisted LMTP
implementations should be able to drive through!

I have never insisted on any such thing for LMTP. In fact I have from the start
of this debate back in 2006 pointed out the problems with treating LMTP as as a
case similar to SMTP.

My issue has always been that I'm against making an incompatible change to
_reject_, one that will render existing widely deployed implementations like
ours incompliant. And while we do use LMTP in our product, our Sieve
implementation operates at the SMTP level, not the LMTP level, so for me at
least there is no backwards compatibility issue with LMTP at all.

>> also, let's change
>>     using the ereject action, as it is more suitable for such
>> rejections.
>> to
>>     using the ereject action, as reject is unsuitable for such
>> rejections.
> The problem with such claims is that the bar they effectively set is so
> high ereject cannot meet them either. I'm therefore opposed to this as
> well.

I don't understand what you're saying here. Can you put it another way?

No, not really.

>> also, let's change
>>     support protocol level rejection, e.g. an MUA, and MUST be available
>> to
>>     support protocol level rejection, i.e. an MUA, and MUST be available
> It is entirely possible for there to be critters in the email universe
> that act
> at the UA level but which aren't thought of as UAs. So what you are doing
> actually weakens the requirement by making it sound like it only
> applies to
> MUAs specifically.

Have you thought of an example you can provide?

List processors are the most obvious example of something seen as operating
with MUA authority that people don't think of as an MUA. use of basic Sieve in
conjunction with list processing seems like a pretty reasonasble fit to me.

>> I still strongly support requiring a change to the default behaviour,
>> and feel that there is reluctance to change the current behaviour for
>> what was presented as nothing more than an unwillingness to explain what
>> we all agreed were net good reasons for the change.
> I fail to see continuing to impugn the motives for the position I have
> taken is
> in any way helpful here. But in the interests of keeping this civil
> I'm not
> going to respond further.

I've said that the justification is poor.  It's not about you; it's not
ad hominem, so please don't paint it as such.  The point is that the
evidence/argument provided against chaning the default behaviour is weak.

Hundreds of sites at least. Thousands of machines. Many tens of millions of
users. All operating in full compliance with the original Sieve specification,
not using reject to deal with spam, and AFAIK not a demonstable source of
blowback spam.

Seems like a pretty good justification to me for not wanting to break
backwards compatibility.

Now, if you're after a specific use-case where this really matters, I can
provide that as well. The case we run into all the time is in places like Japan
where limiting rejection text to US-ASCII is widely seen as completely
unacceptable. These folks insist that when rejecting legitimate mail (not spam
blocking) the response go back in proper Japanese. Heck, they get really tense
if just the spacing gets screwed up for some reason.

(On a side note, I'm not even sure that extending SMTP to allow UTF-8 error
responses will be an acceptable alternative to DSNs or MDNs here. I have spent
literally dozens of hours dealing with Japanese format and presentation issues
in nondelivery notifications of various sorts.)

These folks will NOT be happy if all of a sudden the rejects they currently
have in their scripts all of a sudden start returning SMTP level responses
saying "generically offensive system response in i-default has replaced nice
Japanese response that probably managed to bow three times and be extremely apologetic and probably made it the recipients fault for not being able to
accept whatever the sender sent". Of course they won't complain - they don't do
that - but they may look elsewhere for their email software. And I happen to
know that there are several implementations out there using Sieve that have no
problem whatsoever ignoring the parts of the standards they find inconvenient.

>> And I'm not clear why this is needed; I don't think it's the case:
>> (However, the LMTP client may then have no choice
>>     but to generate a DSN to report the error, which may result in
>>     blowback.)
>> Where it appears to be the case, the LMTP client may just need to be
>> fixed.
> Fixed how? Suppose the LMTP client is on an ingress MTA. Messages come
> in from the Internet using SMTP and are then sent on using LMTP to affect
> final delivery.

I suspected you'd be bringing this case up again.
It needs to be fixed if it accepts the message before it has determined
whether it should receive it.

But that's operating at the SMTP level, not the LMTP level. And the only
way to enforce that is to not allow LMTP server-side implementation of

But if that's the consensus for what we want to do (and while I personally
don't object I've seen no consensus for such a change) then we need to come out
and say that explicitly, not try and eliminate the case by first including LMTP
as a possible place for ereject to be used but then trying to Venn-diagram it
out of existance with a bunch of complex overlapping requirements LMTP cannot

The approach you're advocating is a sure-fire recipe for confused implementors and broken implementations.

(This discussion has already been hashed out; it's a bit frustrating to
have to go through it again.)

Well, that discussion apparently did not result in even a mention being added
of the likely consequences of LMTP server-side use of rereject, so apparently
it didn't stick.

> Suppose the Sieve implementation is operating as part of the LMTP
> server. (This
> isn't how I'd ever do it, but it is nevertheless a perfectly legitimate
> implementation option.) A message comes in via SMTP and is queued for
> delivery. The LMTP client sends it to the LMTP server, which then runs
> the Sieve which then does an ereject. This is then translated into a
> 550 LMTP response.
> What is the MTA supposed to do now?

You're asking me what to do once you've painted yourself into a corner.
My answer is: DON'T paint yourself into a corner.

And the only way to avoid the corner (in the ereject case at least) is not
to operate at the LMTP server level.

More generally, however, there's no way to avoid this case. We go to a lot of
trouble to try and detect things like over quota conditions so we can reject at
the SMTP level. But this depends on back-channel communication to our MTA from
our store. If our MTA is used with someone else's LMTP server - as it sometimes
is - we have no way to perform a useful check at the SMTP level.

Do I sympathize with you for painting yourself in a corner?  Sure.  But
if you insist on doing it in perpetuity, I don't.

The only thing I insist on in not to gratuitously make existing implementations

Do the TCP or Ethernet specs say send data as fast as you please?  No;
why should we say do what you please here just because there's a market
for such harmful product?

This is an invidious comparison and shame on you for making it.  It would be
one thing if our implementation had violated the recommendations made by
existing standards and, say, implemented an MDN-generating reject when the
standard said not to and then encouraged its used for dealing with  spam (again
when the standard said such usage was inappropriate). BUt that's not what we
did. What we did was follow the standards quite carefully, including doing
everything we can to prevent our customers from using reject, with its
MDN-generating characteristics, from being used to deal with spam.

If you've written an ingress MTA to always
accept mail before determining that the final delivery can be made, then
you have reasons to paint yourself into a corner: laziness, defense of
market niche, the system/software you've written works better that
way...  Good enough reasons?  Not IMO.

And this, Matthew is an ad hominem attack - nothing more and nothing less -
made all the worse because it grossly mischaracterizes what our implementation
does and the reasons why it does it.

And at this point I'm done arguing about this. You, sir, either are an
anti-spam zealot or a very good imitation of one, and I see no point in
continuing to discuss this with you.


<Prev in Thread] Current Thread [Next in Thread>