my other FREQ of the day

John Rudd jrudd at UCSC.EDU
Mon Feb 17 03:08:50 GMT 2003


On Sunday, Feb 16, 2003, at 18:35 US/Pacific, Nick Phillips wrote:

> On Sun, Feb 16, 2003 at 03:10:29AM -0800, John Rudd wrote:
>> On Sunday, Feb 16, 2003, at 01:58 US/Pacific, Julian Field wrote:
>>
>>> At 23:38 15/02/2003, you wrote:
>>>
>>>> 3) somewhat related to #1 is that you cannot reject messages based
>>>> upon
>>>> results.  You can try to bounce them, after the fact, but that isn't
>>>> reliable (because you cannot trust the return addresses).  I'd
>>>> rather
>>>> reject them outright.
>>>
>>> That's your MTA's job.
>>>
>>
>> Yes, it should be the MTA's job, but the decision about what to reject
>> depends upon (or, in an ideal world, would involve) the results of
>> what
>> Mailscanner has found.  Sort of a chicken and the egg thing --
>> mailscanner wont make a decision until after the MTA has accepted the
>> message, but if mailscanner finds something bad, then the MTA might
>> want to reject the message ... except that it already accepted it.
>
> You might want to look at Ian Jackson's SAUCE (which works with Exim)
> on the incoming side. I haven't tried it yet, but it basically deals
> with SMTP-time stuff.
>
> Try http://www.chiark.greenend.org.uk/~ian/software/
>

I don't really think that that's what I want.  It's doing its best to
check the integrity of the return and relay addresses, but that doesn't
mean that the end result is valid.  It just means that the hops along
the way actually exist and that the return address exists.  That
doesn't mean that the message came from the individual in question.


What I want is probably something like a milter, that does everything
mailscanner does, and the way mailscanner does it (a persistent process
that works upon a file on disk instead of receiving the file via
socket) ... but unlike a milter, it would work with MTA's other than
sendmail.  That's a bit of a tall order.


Though, for those who say "being and MTA is hard" -- what exactly is
the queueonly sendmail doing that is hard to do?  It does access
checking, which isn't very sophisticated.  Depending upon
configuration, it checks that the sender's DNS and reverse DNS work.
It does some relaying checks.  It decides about when to answer
connection requests based upon the current load, and it throttles the
connection based upon how many messages it's taking from a single host.
  And it is looking at whether or not the queue disk is full.  What else?

I don't think it's doing any form of address rewriting.  It's not doing
virtusertable expansion.  It's not doing alias expansion.  It's not
deciding which mailer to use, whether or not it's a local address for
local delivery or not, etc. etc. etc.

It seems to me that the parts I suggested offloading on to mailscanner
(and only as an option) are NOT the "hard part" of being an MTA.  The
hardest part, I think, would be the logic for deciding how and when the
throttle the connection.


Just thought of two things I missed (because they aren't done at either
of my sites): SMTP AUTH and SMTP-SSL.  I can see SMTP AUTH being
tricky.  Not sure about SMTP-SSL.



More information about the MailScanner mailing list