On Oct 28, 2015, at 3:27 PM, Viktor Dukhovni
<ietf-dane(_at_)dukhovni(_dot_)org> wrote:
> Well it is being done, and Postfix users are strongly encouraged
> to do so whenever backscatter is discussed on the users list.

Sorry, I left out one critical point. Consider what happens when I want to
send mail to ietf(_at_)ietf(_dot_)org. I write a message in my MUA. It connects
to my maildrop at nominum.com. Nominum.com accepts and queues the mail. Then it
establishes a connection to ietf.org. IETF.org mail will send a 5xx status code
at the end of the DATA transaction, but it’s too late: my MUA has already
disconnected, and there’s no way to send a synchronous status update.

In order for this to work, when I connect to my maildrop, my maildrop has to
immediately connect to ietf.org when it sees RCPT TO: ietf(_at_)ietf(_dot_)org.
It has to then tunnel the message through, applying any local policy in the
process and aborting the connection to ietf.org if the local policy detects a
violation while _it_ is scanning the message body that’s being dumped on the
maildrop. If local policy allows the process to get to the end of the DATA
transaction, and the response from ietf.org is a 5xx response, then the
maildrop server at nominum.com has to still have the connection open, and has
to respond with the same 5xx response.

If Postfix is able to do this, that is news to me, but I will admit that I gave
up on being a Postfix expert a long time ago—like most MTAs, it addresses too
many use cases, and so it’s difficult to configure. Sendmail, even farther in
the past for me, is even worse. If there is some new MTA out there that does
a better job of addressing modern use cases, I am interested to hear about it.
I get the impression that most of the interesting MTA research nowadays is
being done by the big mail processors, and isn’t trickling down, but I may just
not have looked in the right place.

Of course, what I am describing is made more painful by various anti-spam
tactics like greylisting.
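The two relay behaviours described in the message above (accept-then-queue versus keeping the submitting session open and echoing the destination's verdict), as an added simulation that is not part of the thread or of any MTA's code. The policy check, the destination stub and every address other than ietf@ietf.org and nominum.com are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed stand-in for the destination MTA's end-of-DATA verdict:
# (mail_from, rcpt_to, body) -> SMTP reply line
Downstream = Callable[[str, str, str], str]


@dataclass
class Outcome:
    mua_reply: str            # final reply the submitting client saw in its own session
    bounce_to: Optional[str]  # envelope sender a DSN would go to (backscatter), or None


def local_policy_rejects(body: str) -> bool:
    """Constructed content check; a real MTA would run its content filter here."""
    return "REJECT-ME" in body


def synchronous_proxy(mail_from: str, rcpt_to: str, body: str, remote: Downstream) -> Outcome:
    """Keep the MUA session open, relay to the destination now, echo its verdict back."""
    if local_policy_rejects(body):
        # abort before end-of-DATA reaches the remote: nothing queued, nothing to bounce
        return Outcome("550 5.7.1 Rejected by local policy", None)
    # 250, 4xx (greylisting) or 5xx: whatever the destination says, the MUA hears it
    return Outcome(remote(mail_from, rcpt_to, body), None)


def store_and_forward(mail_from: str, rcpt_to: str, body: str, remote: Downstream) -> Outcome:
    """Accept at end-of-DATA, deliver later; a later 5xx can only become a bounce."""
    if local_policy_rejects(body):
        return Outcome("550 5.7.1 Rejected by local policy", None)
    reply = remote(mail_from, rcpt_to, body)  # the MUA has already disconnected by now
    # 5xx: permanent failure, DSN to the (possibly forged) envelope sender.
    # 4xx: stays queued for retry, no DSN yet.
    return Outcome("250 2.0.0 Ok: queued", mail_from if reply.startswith("5") else None)


def remote_stub(mail_from: str, rcpt_to: str, body: str) -> str:
    """Constructed destination MTA: one known mailbox, greylists first-time senders."""
    if rcpt_to != "ietf@ietf.org":
        return "550 5.1.1 User unknown"
    if mail_from.endswith("@first-time.example"):
        return "451 4.7.1 Greylisted, try again later"
    return "250 2.0.0 Ok"
```

With a forged envelope sender and an unknown recipient, only the store-and-forward path produces a DSN addressed to the forged sender; the synchronous path returns the 550 to the client instead.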