Gary Levell wrote:
Wayne wrote:
<snip>
[....]
MTAs or other processors MAY also impose a limit on the maximum
amount of elapsed time to perform an authentication. Such a limit
SHOULD allow at least 20 seconds. If such a limit is exceeded, the
result of authentication SHOULD be "error".
Seth recons this should be user configurable and I kind of agree since
the other limits are hard limits placed by the publisher of the policy
and there should be ways to check that it functions, but if you are on
the end of a slow link and keep getting timeouts, you might need to
have a local increase in this time.
What the point ? SPF is not limited to pre-DATA mechanism (authentication).
You can freely use SPF to categorize already delivered emails.
Even more - you can start SPF processing in parallel with email recieve and
abort connections (with correct error code, not TCP RST) if you descover
something wrong (unsure if spammer mail server will retry in case of such a
abort )-:
--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua