ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: We need an architecture, not finger pointing.

2015-10-28 16:15:13
from [Ted Lemon] [Permanent Link] 
On Oct 28, 2015, at 3:27 PM, Viktor Dukhovni 
<ietf-dane(_at_)dukhovni(_dot_)org> wrote:

Well it is being done, and Postfix users are strongly encouraged
to do so whenever backscatter is discussed on the users list.


Sorry, I left out one critical point.   Consider what happens when I want to 
send mail to ietf(_at_)ietf(_dot_)org <mailto:ietf(_at_)ietf(_dot_)org>.   I 
write a message in my MUA.   It connects to my maildrop at nominum.com 
<http://nominum.com/>.   Nominum.com <http://nominum.com/> accepts and queues 
the mail.   Then it establishes a connection to ietf.org <http://ietf.org/>.   
IETF.org <http://ietf.org/> mail well send a 5xx status code at the end of the 
DATA transaction, but it’s too late: my MUA has already disconnected, and 
there’s no way to send a synchronous status update.

In order for this to work, when I connect to my maildrop, my maildrop has to 
immediately connect to ietf.org <http://ietf.org/> when it sees RCPT TO: 
ietf(_at_)ietf(_dot_)org <mailto:ietf(_at_)ietf(_dot_)org>. It has to then 
tunnel the message through, applying any local policy in the process and 
aborting the connection to ietf.org <http://ietf.org/> if the local policy 
detects a violation while _it_ is scanning the message body that’s being dumped 
on the maildrop.   If local policy allows the process to get to the end of the 
DATA transaction, and the response from ietf.org <http://ietf.org/> is a 5xx 
response, then the maildrop server at nominum.com <http://nominum.com/> has to 
still have the connection open, and has to respond with the same 5xx response.

If Postfix is able to do this, that is news to me, but I will admit that I gave 
up on being a Postfix expert a long time ago—like most MTAs, it addresses too 
many use cases, and so it’s difficult to configure.   Sendmail, even farther in 
the past for me, is even worse.   If there is some new MTA out there that does 
a better job of addressing modern use cases, I am interested to hear about it.  
 I get the impression that most of the interesting MTA research nowadays is 
being done by the big mail processors, and isn’t trickling down, but I may just 
not have looked in the right place.

Of course, what I am describing is made more painful by various anti-spam 
tactics like greylisting.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: We need an architecture, not finger pointing., Phillip Hallam-Baker
Next by Date:  Re: We need an architecture, not finger pointing., ned+ietf
Previous by Thread:  Re: We need an architecture, not finger pointing., Viktor Dukhovni
Next by Thread:  Re: We need an architecture, not finger pointing., Doug Royer
Indexes:  [Date] [Thread] [Top] [All Lists]