At 06:30 AM 5/20/2004 -0400, you wrote:
Hrm... this active forwarding rather than store-and-forward doesn't
sound like a half bad idea to discuss... What if a forwarder received
envelope information from a client, then opened a new connection to the
forwarding address's recipient mail server with a new envelope. If for
some reason that fails, a temporary failure or reject (depends on the
case) could be generated for the client. If that connection succeeds,
the forwarding mail server gives the client the OK in response to the
envelope info and the client goes ahead with DATA. The forwarder would
then send that data through to the recipient server. The only problem
with this that I can see is some potential latency which would grow
exponentially with every forwarding hop, and the possible ability to
detect which addresses are forwarded based on this latency. In this
scenario, if the recipient server rejects, there is no bounce, the
forwarding server immediately rejects the sending client. If the
recipient server accepts the message, and then it must bounce later, the
forwarding server would still have to handle it based on it's new,
proper envelope it used with the recipient server. Can anyone think of
a way that an 'active forwarding' scenario like this could handle this
condition? How often would a final destination recipient server accept
a message and then bounce it?
--
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.
******************** REPLY SEPARATER *********************
I believe you will find that Postini already uses active forwarding. I base
that assumption on a typical output from a program I built to monitor
traffic to and from our mail server. In the example below, the incoming
email is a virus which is quarantined and a notification sent to the
recipient. The Postini server completes the HELO, MAIL FROM:, and RCPT TO:
phases. At this point it detects the virus and does an RSET before entering
the DATA phase. It thens repeats the same procedure with the notification,
all on the same connection. With Spam, our log files are full of these
connections that simply end in a QUIT because notifications are not sent
for each individual Spam. Our server does not bounce messages from the
outside, as I am a firm believer that messages should be rejected before
the DATA phase.
J.A. Coutts
---------------------------------------------------------------------
12.158.34.140:54833
HELO psmtp.com
MAIL FROM:<>
RCPT TO:<abc(_at_)yellowhead(_dot_)com>
RSET
MAIL FROM:<postmaster(_at_)yellowhead(_dot_)com>
RCPT TO:<abc(_at_)yellowhead(_dot_)com>
DATA
Date: Mon, 05 Apr 2004 11:15:46 EDT
From: "Alberta Independent Internet Support"
<postmaster(_at_)yellowhead(_dot_)com>
To: abc(_at_)yellowhead(_dot_)com
Subject: Alberta Independent Internet Detected Potential Virus
Dear abc(_at_)yellowhead(_dot_)com,
Alberta Independent Internet's virus protection service has detected a
potential
email virus. This suspicious message has been quarantined in
your Alberta Independent Internet Message Center:
From: Internet Mail Delivery <postmaster(_at_)l-daemon>
Subject: Delivery Notification: Delivery has failed
Virus: W32/Netsky(_dot_)p(_at_)MM
You can read the message without infecting your computer.
Click on the link to access your Alberta Independent Internet Message Center:
http://login.postini.com/exec/login?email=abc(_at_)yellowhead(_dot_)com
Thank You!
Alberta Independent Internet
.
-------------------------------------------------------------------