ietf

Re: We need an architecture, not finger pointing.

2015-10-28 16:15:13
On Oct 28, 2015, at 3:27 PM, Viktor Dukhovni <ietf-dane(_at_)dukhovni(_dot_)org> wrote:
> Well it is being done, and Postfix users are strongly encouraged
> to do so whenever backscatter is discussed on the users list.

Sorry, I left out one critical point. Consider what happens when I want to
send mail to ietf(_at_)ietf(_dot_)org. I write a message in my MUA. It connects
to my maildrop at nominum.com. Nominum.com accepts and queues the mail. Then it
establishes a connection to ietf.org. IETF.org mail will send a 5xx status code
at the end of the DATA transaction, but it's too late: my MUA has already
disconnected, and there's no way to send a synchronous status update.

In order for this to work, when I connect to my maildrop, my maildrop has to
immediately connect to ietf.org when it sees RCPT TO: ietf(_at_)ietf(_dot_)org.
It has to then tunnel the message through, applying any local policy in the
process and aborting the connection to ietf.org if the local policy detects a
violation while _it_ is scanning the message body that's being dumped on the
maildrop. If local policy allows the process to get to the end of the DATA
transaction, and the response from ietf.org is a 5xx response, then the
maildrop server at nominum.com has to still have the connection open, and has
to respond with the same 5xx response.

If Postfix is able to do this, that is news to me, but I will admit that I gave 
up on being a Postfix expert a long time ago—like most MTAs, it addresses too 
many use cases, and so it’s difficult to configure.   Sendmail, even farther in 
the past for me, is even worse.   If there is some new MTA out there that does 
a better job of addressing modern use cases, I am interested to hear about it.  
 I get the impression that most of the interesting MTA research nowadays is 
being done by the big mail processors, and isn’t trickling down, but I may just 
not have looked in the right place.

Of course, what I am describing is made more painful by various anti-spam 
tactics like greylisting.
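The cut-through relay described in the message above, as an added example that is not part of the original thread and is not Postfix's, Sendmail's or any other MTA's code. It models the maildrop as an SMTP state machine that opens the onward session at RCPT TO, streams the body line by line, runs a local policy on each line as it passes (aborting the onward session on a violation), and hands the destination's end-of-DATA reply straight back to the still-connected client. The destination MTA is an in-memory stand-in so the example runs offline; the hostname maildrop.example.net, the sender address, the "no .exe attachments" policy and the single-recipient restriction are all assumptions made for the example.

```python
import re


class FakeDestinationMTA:
    """Constructed stand-in for the receiving MTA (ietf.org in the post above).
    It accepts every envelope command and returns `data_reply` at end of DATA."""

    def __init__(self, data_reply="250 2.0.0 Ok: queued"):
        self.data_reply = data_reply
        self.received = []   # every line the relay forwarded to us
        self.aborted = False

    def send(self, line):
        self.received.append(line)
        if line == ".":
            return self.data_reply
        verb = line.split(" ", 1)[0].upper()
        if verb in ("EHLO", "HELO", "MAIL", "RCPT"):
            return "250 2.1.0 Ok"
        if verb == "DATA":
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return ""            # body lines draw no reply

    def abort(self):
        """The relay dropped the connection mid-DATA; nothing is delivered."""
        self.aborted = True


def no_exe_attachments(line):
    """Hypothetical local policy, run on each body line as it streams through.
    Returns an SMTP reply to reject with, or None to let the line pass."""
    if re.search(r'filename="?[^"\s]+\.exe"?', line, re.IGNORECASE):
        return "550 5.7.1 Executable attachments are not accepted"
    return None


def cut_through_relay(client_lines, connect, policy=no_exe_attachments):
    """Run one submission session and return the replies the client sees.

    client_lines: SMTP commands and body lines, as the MUA sends them.
    connect(domain): opens a session to the destination MTA (injected).
    Single recipient only, to keep the sketch short. Because the destination
    is contacted at RCPT TO and the body is streamed through, its end-of-DATA
    reply reaches the client while it is still connected, not as a bounce.
    """
    replies, dest, sender = [], None, None
    state, pending = "cmd", None          # pending: reply queued for end of DATA
    for line in client_lines:
        if state == "discard":            # policy rejected; drain body, then reply
            if line == ".":
                replies.append(pending)
                state = "cmd"
            continue
        if state == "data":
            if line == ".":
                replies.append(dest.send("."))   # destination's verdict, verbatim
                state = "cmd"
            elif (verdict := policy(line)) is not None:
                dest.abort()              # drop the half-streamed message
                dest, pending, state = None, verdict, "discard"
            else:
                dest.send(line)           # stream the line straight through
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            replies.append("250 maildrop.example.net")
        elif verb == "MAIL":
            sender = arg
            replies.append("250 2.1.0 Ok")
        elif verb == "RCPT":
            domain = arg.rsplit("@", 1)[-1].rstrip(">")
            dest = connect(domain)        # open the onward session now, not after queuing
            dest.send("EHLO maildrop.example.net")
            dest.send(f"MAIL {sender}")
            replies.append(dest.send(line))  # destination's RCPT verdict
        elif verb == "DATA":
            if dest is None:
                replies.append("503 5.5.1 Need RCPT first")
            else:
                reply = dest.send("DATA")
                replies.append(reply)
                if reply.startswith("354"):
                    state = "data"
        elif verb == "QUIT":
            if dest is not None:
                dest.send("QUIT")
            replies.append("221 2.0.0 Bye")
        else:
            replies.append("500 5.5.1 Command not recognized")
    return replies


def run_session(body, destination_data_reply="250 2.0.0 Ok: queued"):
    """Drive one constructed session; return (client replies, destination MTA)."""
    opened = []

    def connect(domain):
        opened.append(FakeDestinationMTA(destination_data_reply))
        return opened[-1]

    session = ["EHLO laptop.example", "MAIL FROM:<someone@nominum.com>",
               "RCPT TO:<ietf@ietf.org>", "DATA", *body, ".", "QUIT"]
    return cut_through_relay(session, connect), opened[0]


if __name__ == "__main__":
    # Destination rejects at end of DATA: the client sees the 5xx immediately.
    replies, dest = run_session(["Subject: test", "", "hello"], "550 5.7.1 Rejected")
    print(replies[4])
    # Local policy trips mid-body: onward session aborted, client gets a 550.
    replies, dest = run_session(
        ['Content-Disposition: attachment; filename="setup.exe"', "", "MZ..."])
    print(replies[4], dest.aborted)
```

Two things the sketch makes concrete: the reply to the client's final "." is whatever the destination returned, so a 5xx never has to become a backscatter bounce; and a policy hit mid-body must still drain the client's DATA to the terminating "." before answering, because SMTP gives no way to reply early. A real relay would also have to hold the client connection for as long as the destination takes, which is exactly where greylisting and slow remote MXes make this painful.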