Autor: Alan J. Flavell Fecha: A: Marc MERLIN Cc: Exim users list Asunto: Re: [Exim] opinion on unconditional accept for postmaster
On Tue, 10 Dec 2002, Marc MERLIN wrote:
> I actually receive mail for postmaster and abuse, in front of any blocks I
> could have.
That's pretty much our approach too, except for addresses which have
behaved so abusively that they're IP-blocked at the campus external
router etc. from any further contact with the site (that's out of our
hands as departmental posties!).
Well, on top of that, recently I've taken a dislike to dictionary
scanners who fill up our rejectlog with a couple of dozen bad RCPT TOs
per SMTP call, so the open proxies that they hide behind have been
writing themselves into a short-ish blacklist of sites for which we
refuse further TCP connections: they'd then have no chance to contact
the postmaster. (But that was before I discovered the effectiveness
of a 6 minute timeout in the RCPT ACL, so maybe that can be
reconsidered.)
> Besides, blocked people then have no recourse to contact you and tell you
> the block was made in mistake (it does happen)
Not _quite_ true, in practice. There would either be their network
provider's abuse contact, or in many cases there would be the
postmaster at the higher level domain. Enough times I've
sucessfully dealt with abuse from (or via) foolab.barcorp.example by
contacting postmaster@??? when an approach to foolab
itself had not produced an appropriate effect.
> - refuse Email that fails SMTP callbacks, even to postmaster
Could you clarify your intention? Suppose a remote MTA already
responds to a bounce at the mail from:<> stage in this way:
550 Sender Not Authorised [Originator entry 'postmaster@???'
rejected message based on in-relay MTA 'othello.physics.gla.ac.uk']
- are you going to try using some other sender in order to find out
whether they'll let you reach their postmaster; or are you just going
to refuse mail from that whole domain?
It would be hard to complain about that to btconnect.com's
higher-level domain or upstream provider :-}