spf-discuss

Re: DNS Loading Comparison

2005-04-14 07:35:29

"Tony Finch" <dot(_at_)dotat(_dot_)at> wrote in message
news:Pine(_dot_)LNX(_dot_)4(_dot_)60(_dot_)0504141507180(_dot_)8804(_at_)hermes-1(_dot_)csi(_dot_)cam(_dot_)ac(_dot_)uk(_dot_)(_dot_)(_dot_)
> On Thu, 14 Apr 2005, Hector Santos wrote:
>
> > An ESMTP AUTH conversation is a series of commands after the EHLO.
> > CSV promotes NO concepts of delayed verification
>
> That's a matter of MTA configuration and nothing to do with CSV's
> specification.

It has EVERYTHING to do with any new concept that attempts to step on the
toes of existing authentication/authorization methods.

I guess only experienced product vendors will see this because the same
issue came about with RBL concepts which means systems initially implemented
at the IP connection level.   Our ISP administrators wanted new options to
delay the RBL checking and/or wait to see if the client was going to be
authorized using traditional means.

I can guarantee that the layman customers will eventually say the same thing
for ANY other new concept, especially CSV since it is inherently at the top
of the state machine and doesn't have a clue about pending information.

> It's up to admins at what point in (or after!) the SMTP
> conversation they choose to perform any particular check, and to choose
> the order in which checks are performed. Therefore CSV leaves it
> unspecified.

Hence, once again, why CSV will continue to experience a barrier for
consideration.

Look, you need to get all the conflictive design issues straight.  You got Dave
talking about scalability and now you got Tony saying it doesn't matter!

The problem is that you think everyone is going to be using SIEVE for this,
oops, sorry, SIEVE does not have any DNS lookup capabilities.

The problem is that you think everyone will have a dynamic SMTP hooking
concept like EXIM, Wildcat! and others offer.  What if they don't?

The problem is that you think everyone is going to implement CSV directly
into SMTP, when in fact, you still have to deal with SMTP systems that only
offer POST SMTP AVS concept.   A good bit of the systems still use POST SMTP
for scalability reasons because they have software that is too slow to
process high volume of data and/or isn't multi-threaded in nature.  I still
have sysops who "think" in UUCP/SLIP mode for God's sake!

So you got to get these things straight before you want anyone to seriously
consider a concept that is inherently SMTP based, will require a wide change
across the board with uplinks and downlinks and will most definitely be
required to be optimized with delay verifications whether you realize it yet
or not.

Tony, look at it this way.  If CSV was the cat's meow, we would have
implemented it long ago.  I have no reason to decide against other than for its
technical merits - plain and simple.

----
Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
http://www.winserver.com/wcsap (Wildcat! Sender Authentication Protocol)
http://www.winserver.com/spamstats  (WcSAP Anti-Spam Stats)


