spf-discuss

Re: [spf-discuss] Re: Anyone Got an Explanation?

2005-09-22 04:59:36
On Thu, Sep 22, 2005 at 10:45:39AM +0100, David Woodhouse wrote:

Multi-recipient mail is an exception here.  If I send a complaint mail
that violates corporate policy to abuse(_at_)domain and user(_at_)domain, then I
can't reject it at SMTP time (abuse wants it) and I can't not generate
an MDN as I had given user(_at_)domain a 250 during RCPT TO and had to 250
the body to deliver it to abuse(_at_)(_dot_)  Since I accepted it, and did _not_
send it to user(_at_)domain as I had promised, I must generate an MDN or
the sender will be very very confused.

I guess he meant:
s/If I send a complaint mail/If I receive a complaint mail/

And if you could reject it on the basis of its reverse-path and/or
recipients, X-ADAT means you did all that work, and used all that
bandwidth, for nothing. Content scanning is _expensive_ and personally I
_want_ to do it last, after I've tried everything else which might let
me reject the mail. I certainly don't want to end up content-scanning
mail which then turns out to have been addressed to an unknown user. 

This situation:
- mail is sent to both abuse and user @domain
- both abuse and user exist
- the only reason to reject is because of the contents
- this rejection should not occur for abuse, only for user


It's generally sufficient just to give a 4xx rejection after DATA if
that turns out to be the case (much like greylisting) and then enforce
separate recipients when it's retried by giving 4xx to the second and
subsequent RCPT TO.

Which means receiving that large file three times, scanning it three times
or caching the scan result+sender+recipients.

Maybe sending 4xx at RCPT TO will work and just never accept mail to
different sets of users (abuse and user are not governed by the same policy)

Alex
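
Added example, not part of the original message: a small Python model of the RCPT TO variant suggested at the end of the mail, where a recipient whose content policy differs from the first accepted recipient gets a 4xx so that the sender retries it in its own transaction and the post-DATA verdict is truthful for everyone accepted. The policy table, the group names and the specific reply codes (451, 550, 554) are assumptions chosen for illustration.

```python
# Constructed policy table: mailbox -> content-policy group (hypothetical names).
POLICY = {"abuse@domain": "accept-all", "user@domain": "corporate-filter"}

def rcpt_to(session, rcpt):
    """Reply to one RCPT TO; `session` holds state for the current transaction."""
    policy = POLICY.get(rcpt)
    if policy is None:
        return 550, "unknown user"  # cheap reject, before any content scanning
    if session.setdefault("policy", policy) != policy:
        return 451, "retry this recipient separately"  # different policy group
    session.setdefault("rcpts", []).append(rcpt)
    return 250, "ok"

def end_of_data(session, violates_corporate_policy):
    """One verdict after DATA; it holds for every recipient accepted above."""
    if not session.get("rcpts"):
        return 554, "no valid recipients"
    if session["policy"] == "corporate-filter" and violates_corporate_policy:
        return 554, "rejected by content policy"
    return 250, "queued for " + ", ".join(session["rcpts"])

def deliver(rcpts, violates_corporate_policy):
    """Simulate a sending MTA that retries 4xx recipients in a new transaction."""
    log, pending = [], list(rcpts)
    while pending:
        session, deferred = {}, []
        for rcpt in pending:
            code, _ = rcpt_to(session, rcpt)
            log.append(("RCPT", rcpt, code))
            if code // 100 == 4:
                deferred.append(rcpt)
        if session.get("rcpts"):
            code, _ = end_of_data(session, violates_corporate_policy)
            log.append(("DATA", tuple(session["rcpts"]), code))
        pending = deferred  # always shorter: the first valid rcpt is accepted
    return log

if __name__ == "__main__":
    # The scenario from the thread: a policy-violating complaint to both boxes.
    for entry in deliver(["abuse@domain", "user@domain"], True):
        print(entry)
```

In this model the body is transferred once per policy group, and the rejection for user reaches the sender as an SMTP reply rather than as a later bounce.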
