[Top] [All Lists]

Re: Do the must 'bounce' rules need to be relaxed for virus infec ted messages?

2004-03-26 08:23:03


I think this discussion is leading to the following as far as 2821bis is concerned...

        (1) A slightly broadened statement to the effect that
        rejection of mail without notification on a policy basis
        is permitted, but should be used with extreme caution
        given the long tradition and community expectations that
        mail is either delivered or returned.
        (2) An observation that it may be a rational policy to
        not deliver mail that has an invalid return address,
        although the history of the network is that users are
        typically better served by delivering any message that
        can be delivered.  That observation should also note
        that reliably determining that a return address is
        invalid can be a difficult and time-consuming process,
        especially if the putative sending system is not
        directly accessible or doesn't fully and accurately
        support VRFY.
        (3) A comment in the "timeouts" section that it may be
        appropriate to establish a shorter expiration on the
        requeue and retry period for an NDN than for normal
        message traffic.  E.g., if a particular system is
        configured to retry normal outgoing messages for up to
        four days, it might sensibly be configured to give on
        trying to transmit bounce messages after only one or two.
        (4) A suggestion that, if a message is rejected because
        it is found to contain hostile content, bounce/rejection
        messages should be sent only if the receiving/targeted
        site is fairly sure those messages will be usefully
        delivered.   I.e., the preference/ default is to _not_
        send out NDNs for that type of message.

Text for any of those comments would be welcome, as would further discussion if I've gotten it wrong.

Beyond that, I think the discussion in this thread has turned into yet another discussion of best operational practices under various circumstances, and not really about SMTP. I note in particular that, in the model of 2821 and its predecessors, the SMTP definition stops when a message is delivered to a message store or an intermediate for that store. So, if the model transaction is any of

   MAIL FROM, then reject
   RCPT TO, then reject
   DATA, then reject
   Accept data, then bounce

then language in 2821 applies.  But, it is is

   Accept data, deliver to mail store or pre-store virus scanner

Then what you do with that message is not an SMTP problem. As far as SMTP is concerned, it has been accepted and delivered.

Now, I think a "best practices" for what to do in the latter case, and especially what to do if the mail is determined to be faked or hostile, is entirely in order. But it isn't part of 2821. I hope that anyone who wants such a document will produce an I-D on which serious examination is possible, rather than engaging in continuing back-and-forth sniping on this mailing list.