On Sun, Mar 07, 2004 at 08:38:03AM -0700,
administrator(_at_)yellowhead(_dot_)com wrote:
Correct me if I am wrong, but once the DATA phase has begun, there is no
more negotiation until the "." on a new line, followed by a QUIT command
and disconnection.
The dot is followed by a response. This response does not need to be
one of the 2xx series.
The sending MTA does not necesarily ends the session; it may send another
message instead of sending quit.
It seems as if you think the single dot ends the conversation and all off
the remaining talk is just noise. If so, I hope this changed your mind.
A sender is supposed to wait for responses to HELO, MAIL
FROM:, and RCPT TO:, but some spam engines don't even do that. Examining
anything after the DATA phase has begun seems rather pointless, because the
spammer has already started spewing his garbage and will not pay any
attention to an error code sent at the end. Since spammers don't play by
the rules (and they account for 70% of our message attempts), we must
adjust our thinking to match the majority of the traffic.
The spammer can send the garbage, sure. That doesn't mean I have to
listen to it. For instance, postfix doesn't store and process the
message once it determines the message is rejected. Sure, bandwidth
is wasted but at least you get to save on i/o, disk and cpu power.
Now, if spammers wouldn't pay attention to the reply to DATA, this
would actually be a good thing. Rejecting after "rcpt to" might
mean they try again and again and again. If they don't do that when
I postpone the reject until after DATA, I would seriously consider it.
Legitimate senders would get a DSN after their message is rejected
(except when they're using crappy MTA software) just like when I reject
after "rcpt to".
cheers,
Alex
--
begin sig
http://www.googlism.com/index.htm?ism=alex+van+den+bogaerdt&type=1
This message was produced without any <iframe tags