Tony Finch wrote:
On Sun, 18 May 2008, ned+ietf-smtp(_at_)mrochek(_dot_)com wrote:
Another issue is that if you do this sort thing you absolutely must
distinguish between submission and relay somehow, and lots of places are
unable to make such distinctions. It's one thing to force a automatic
relay to retry the second and subsequent recipients of a message, quite
another to force some random user to resubmit the message over and over
in order to get it through.
This kind of problem makes me think there's not much benefit to rejecting
messages at SMTP time from trusted clients, whether they are MUAs or MTAs.
Thats how we do it.
As long as the the client is authenticated on one of the following was:
- IP Relay Table
- POP BEFORE SMTP
- ESMTP AUTH
it allows relay and skips all SMTP level checks which currently includes
---- Suite of WCSAP Methods -----
- Local Policy Filter/Rule File,
- DNS RBL
- SPF
- CBV
and WCSAP is done after RCPT TO: is checked and is not local.
This keeps with the traditional BCP of accepting all local recipient or
hosted mail. All the extra is only required and done if its a relay.
At the DATA level, we offer a rule based filtering system but these
rules are 100% defined by the administrator. The SMTP software makes no
inherent rule at the content level. The only thing we provide is an
example simple rule - "check for bad words", etc.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com