Re: [spf-discuss] Bounce-Spam and SPF-Ignorant ISPs - it is time to retaliate?

2005-11-30 14:35:17
On Wed, Nov 30, 2005 at 02:49:32PM +0000, David Woodhouse wrote:
> On Wed, 2005-11-30 at 14:21 +0000, Julian Mehnle wrote:
> > Note that this is not exactly what I meant.  Proxying the MAIL FROM and 
> > RCPT TO commands is a first step, but really the DATA command should be 
> > proxied, too, in order to cover any content checks that the receiver 
> > system might perform.  Only if the receiver system accepts the DATA 
> > command and the message data with a 2xx status code, should the 
> > forwarding/relaying/proxying system "accept" the message vis-a-vis the 
> > calling system.  (Or of course if the receiver system isn't reachable.)
>
> Yeah, that _would_ be nice -- you could just about avoid the
> store-and-forward altogether. It isn't something which is possible in
> any general-purpose MTA that I'm aware of, though. As long as you ensure
> that the data policies are in sync (or at least that your MX backup is
> no _less_ strict than the primary) it's not so bad just doing it with
> verification.

I'm hoping that qpsmtpd can do that full proxying. I didn't yet gather
whether it can function as a general purpose MTA, but it's only v0.3ish.

The author of smtpprox (which I've not had time to play with either, but
I'm fairly sure is specifically an smtp proxy) has this to say on the 
smtpprox website:

  NEWS: If smtpprox looks interesting to you, check out qpsmtpd. 
  And if you do please let me know how it turns out. I've not had 
  occasion to try it, but from the description on the web page, 
  it looks like it makes smtpprox obsolete --- and it's got a far,
  far larger user community, so it'll have more features and more 
  bugfixing.

Call-outs I'm aware of.  When I first looked at them, I thought it
was a little hackish, and wanted to do something baroque with ldap
when I grew up.  But this proxying thing is attractive ...

some things I like about the idea:

        less state at the proxy
                the mail doesn't even need to touch disk ?
        like a call-out but for real
        a way to distribute content check processing 

Perhaps it's time to rethink what we call a general purpose MTA ?

I did look briefly at the postfix website to see if it could do this, 
but I didn't learn the answer.

I'd have hazarded a guess that since exim has call-outs it hadn't gone 
any further.

I'm sure I read somewhere about a commercial firewall vendor that has
an smtp proxy based originally on sendmail code, but they were at 
pains to point out that it was no longer a general purpose MTA.  

Dear LazyNet,

I want a general purpose MTA that can do this _and_ everything else,
and make the coffee, if it can be done.

;)

Regards,
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall
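
The synchronous proxying discussed in this message, as an added example that is not part of the original post and not code from any MTA named in it. ScriptedReceiver and proxy_transaction are hypothetical names, and the receiver is a constructed in-memory stand-in for the final mail system rather than a real SMTP connection.

```python
from dataclasses import dataclass, field

class Unreachable(Exception):
    """The final receiver could not be contacted at all."""

@dataclass
class ScriptedReceiver:
    """Constructed stand-in for the final receiver: maps an SMTP verb, or a
    (verb, argument) pair, to the (code, text) reply it would give."""
    replies: dict = field(default_factory=dict)
    reachable: bool = True

    def command(self, verb, arg=""):
        if not self.reachable:
            raise Unreachable(verb)
        return self.replies.get((verb, arg), self.replies.get(verb, (250, "OK")))

def proxy_transaction(receiver, mail_from, rcpts, data, spool):
    """Return the (code, text) the proxy gives its own client after DATA.

    Each stage is replayed against the receiver before the client is answered.
    A non-2xx reply is handed back in-session, so the proxy never accepts mail
    it would later have to bounce to a possibly forged sender."""
    try:
        code, text = receiver.command("MAIL FROM", mail_from)
        if code // 100 != 2:
            return code, text
        accepted, last = [], (550, "no valid recipients")
        for rcpt in rcpts:
            reply = receiver.command("RCPT TO", rcpt)
            if reply[0] // 100 == 2:
                accepted.append(rcpt)
            else:
                last = reply
        if not accepted:
            return last
        # "DATA" stands for the DATA command plus the message body; the reply
        # is the receiver's final answer after the terminating dot.
        return receiver.command("DATA", data)
    except Unreachable:
        # The one case where the proxy takes responsibility itself:
        # fall back to store-and-forward.
        spool.append((mail_from, list(rcpts), data))
        return 250, "queued for later delivery"
```
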