[Top] [All Lists]

Re: Abort data transfer?

2009-10-17 21:48:56

David MacQuigg wrote:

Is it permissible to abort data transfer before the end of data, say after you have received all headers, and you know the DKIM sig is bad?

RFC-5321 section 3.3 says:

  If the verb is initially accepted and the 354 reply issued, the DATA
  command should fail only if the mail transaction was incomplete (for
  example, no recipients), if resources were unavailable (including, of
  course, the server unexpectedly becoming unavailable), or if the
  server determines that the message should be rejected for policy or
  other reasons.

Failed DKIM would be a policy reason.

Independent of DKIM considerations, in our experience where we had a condition to check the accumulated block transfer bytes received exceeding local policy limited and dropping the line created retransmissions.

It was better to wait until the DATA was completed and issue a 55x response in order to stop the retransmissions.

In regard to DKIM policy based rejections, I recommend:

   - Record this failed state detected at DATA
   - Accept the message,
   - Then under RFC 5617 silently discard the message.

The reason is because if the sender is a mailing list, a SMTP level rejects could initiate the the mailing list server to being sending "Last Warning" Subscription Removal notifications after a number of attempts are made.

In order words, any intermediary (re)signer who is not supporting RFC 5617 intentionally or otherwise and continues to forwarded a broken ADSP protected domain message is subject to down link rejections at receivers who support DKIM/ADSP.

To mitigate this, the receiver should accept the message and discard it instead of creating a potential of harming the membership list.

For our Mailing list Server which will honor RFC 5617, because of this potential conflict, we will filter all submissions from ADSP domains.


Hector Santos

<Prev in Thread] Current Thread [Next in Thread>