On Wed, Mar 23, 2005 at 09:28:49AM -0500, Marc Chametzky wrote:
What we're discussing at the moment is to limit the worst case
to about 10..25 queries, with classic-spf-00 it's still 110
(10 mx or ptr, each with 10 names).
And I think that these kinds of limits make a lot of sense, but aren't
we talking about each of these limits per mail originator?
A very bad dialogue could go MAIL FROM: / RSET / MAIL FROM: / RSET ...
until whatever internal limits on transactions the MTA may have, if any.
Wait until recipients are specified. Perform other, less expensive,
checks first.
There's no need to check SPF when you're going to reject the message
based on bad recipient addresses, bad HELO information, local blacklists,
or accept it based on local whitelists, etc.
alex