spf-discuss

Re: [spf-discuss] TENBOX/E (now SWK-SPF) rough draft

2008-02-06 07:12:52
On Wed, 6 Feb 2008, Alessandro Vesely wrote:
> Michael Deutschmann wrote:
> > If there is an in-transaction rejection in Case 3/4, the forwarder will
> > have to shut down the input end of the forward anyway, to protect itself
> > from an accumulation of deadletters.
>
> Does that imply no mail queue? In that case, how can it handle the case of
> multiple recipients requiring multiple connections, one of which fails
> after DATA? (The raison d'être of LMTP.)

No, there's still a queue.  Which means that at least one deadletter
cannot be avoided.

The only way to avoid backscatter of non-SPF-pass messages is for them to
always be delivered forward.  Within a single administrative domain, this can
be arranged, with inner mailservers told to suspend all judgement of mail
relayed in from a border MX.

It gets problematic when more than one administration is involved, such as
an externally administered backup MX, or of course forwarding.  Here, the
border MTAs can fear being "betrayed" by the inner MTAs, via an
in-transaction 5xx.

To make betrayal a poor option for the inner MTA, I suggest that border MTAs
should apply the following brutal tactics:

1. Add a state to each message in the queue, which can be one of:
  B - bouncable
  U - unbouncable
  H - unbouncable, held
  R - unbouncable, re-queued

2. Every message begins in U state, unless it has a non-null MAIL FROM that
receives an SPF Pass, in which case it begins in B state.

3. If a B state message fails to deliver (in-transaction 5xx or
in-transaction 4xx for "too long"), it is bounced normally.

4. If a U state or R state message fails to deliver, it is not converted to
a bounce, but instead transformed to H state and left frozen on the queue.
No automatic attempts are made to deliver H messages.

5. A border-MTA administrator can manually issue a command that all H-state
mail targeted at a specific address or domain be transformed to R-state,
which will re-start delivery attempts.  This is an explicit, manual exception
to the general rule that 5xxes are final.

6. So long as a single R-state or H-state message is on the queue for an
endpoint, no new e-mails that would be U-state will be accepted for the
target.  Instead, they will receive in-transaction 4xx or 5xx.

7. The border-MTA administrator will be alerted when a message enters
H-state.  Normally he will then contact the inner-MTA admin to let him know
he needs to fix his system.  If the inner-MTA admin assures him the problem
is fixed, then the border-MTA gives the requeue order, and once the
resurrected deadletters exit the queue, normal relaying resumes.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
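
The queue rules in steps 1 to 7 of the message above, modelled as a small state machine. This is an added example, not part of the original post or of any MTA's code; the names BorderQueue, Msg, accept, delivery_failed, delivered and requeue are hypothetical, and an endpoint is assumed to be matched as an exact string.

```python
from dataclasses import dataclass

@dataclass(eq=False)          # identity comparison: each queued message is distinct
class Msg:
    endpoint: str
    mail_from: str            # "" models the null reverse-path
    state: str                # B, U, H or R as defined in step 1

class BorderQueue:
    def __init__(self):
        self.msgs = []
        self.alerts = []      # step 7: endpoints the administrator was alerted about

    def blocked(self, endpoint):
        # Step 6: one H or R message for the endpoint blocks new U-state mail.
        return any(m.endpoint == endpoint and m.state in ("H", "R")
                   for m in self.msgs)

    def accept(self, endpoint, mail_from, spf_result):
        # Step 2: B only for a non-null MAIL FROM with SPF Pass, otherwise U.
        state = "B" if mail_from and spf_result == "pass" else "U"
        if state == "U" and self.blocked(endpoint):
            return None       # caller replies with an in-transaction 4xx or 5xx
        msg = Msg(endpoint, mail_from, state)
        self.msgs.append(msg)
        return msg

    def delivery_failed(self, msg):
        if msg.state == "B":  # step 3: bounced normally
            self.msgs.remove(msg)
            return "bounced"
        msg.state = "H"       # step 4: U or R is frozen on the queue, not bounced
        self.alerts.append(msg.endpoint)
        return "held"

    def delivered(self, msg):
        self.msgs.remove(msg)

    def requeue(self, endpoint):
        # Step 5: manual command turning held mail for an endpoint into R state.
        held = [m for m in self.msgs
                if m.endpoint == endpoint and m.state == "H"]
        for m in held:
            m.state = "R"
        return held
```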
