Re: [Exim] Please add support for ACLs run at _start_ of dat…

Author: Edgar Lovecraft
Date:
To: exim-users
Subject: Re: [Exim] Please add support for ACLs run at _start_ of data
Andreas Metzler wrote:
>

..[snip]...
> > Why?? All that really needs to be done is to change HOW you are
> > doing the sender callouts.
> [...]
>
> I think[1] you are missing the point. - Steinar is not concerned about
> /his/ callouts but the callouts other machines will make to his exim
> and these are not under his control.
>               cu andreas
> [1] I am not 100% sure but I cannot see how greylisting can have an
> effect on callouts /issued/ by this machine that's using greylisting.


Okay, perhaps I am missing something in regards to the entire greylisting
thing (and yes I have read the papers).

Here is my understanding of a 'normal' transaction:
CLIENT: connects to server
SERVER: 220 Banner
CLIENT: HELO someserver.somewhere
SERVER: 250 OK
CLIENT: MAIL FROM: <user@wherever>
SERVER: 250 OK
CLIENT: RCPT TO: <myuser@myserver>
SERVER: 451 DELAY 'Thanks for the info, send again later, we greylist'

With Callouts:
CLIENT: connects to server
SERVER: 220 Banner
CLIENT: HELO someserver.somewhere
SERVER: 250 OK
CLIENT: MAIL FROM: <user@wherever>
SERVER: 250 OK
CLIENT: RCPT TO: <myuser@myserver>
[[SERVER DOING CALLOUT]]
CLIENT: connects to server
SERVER: 220 Banner
CLIENT: HELO myserver.mydomain
SERVER: 250 OK
CLIENT: MAIL FROM: <>
SERVER: 250 OK
CLIENT: RCPT TO: <user@wherever>
SERVER: 451 DELAY 'Thanks for the info, send again later, we greylist'
CLIENT: QUIT 'do this like all good call outs do'
[[SERVER DONE WITH CALLOUT]]
SERVER: 451 DELAY 'Thanks for the info, send again later, we greylist'

Other than possibly delaying email for longer than necessary, this would
not be a problem even from a callout setup, UNLESS the CLIENT: views
'451 DELAY's as the same thing as '550 REJECTED', in that case, there
is a problem on the CLIENT: IMHO.
The CLIENT: would retry again at a later time, and the SERVER: should now
OK the RCPT TO: the second time around. This is something that
'could be a possible problem' even according to the greylisting papers,
that is why the papers mention that MAIL FROM:<> and
MAIL FROM:<postmaster@...> 'possibly' need special consideration. This is
'the danger' of the greylisting approach to all email from all hosts.

As to rejecting at the start of the DATA session, exim does this now as
long as ALL recipients have been either rejected, deferred, or discarded
BEFORE the data command is issued by the CLIENT:
'503 valid RCPT command must precede DATA', and in a greylisting approach,
are not ALL of the recipients for a given message deferred, denied, or
discarded??
--

--EAL--
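
The callout-versus-greylisting exchange described in the message above, as an added Python simulation that is not part of the original post and is not Exim code. The class and function names, the 300-second delay, and the sample address and IP are assumptions made for illustration.

```python
# Added illustration; class and function names are hypothetical.
class Greylist:
    """Triplet greylist keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, delay=300, exempt_null_sender=False):
        self.delay = delay                      # assumed retry window, seconds
        self.exempt_null_sender = exempt_null_sender
        self.first_seen = {}

    def rcpt(self, ip, sender, recipient, now):
        """Return the SMTP reply code this server gives to RCPT TO."""
        if sender == "" and self.exempt_null_sender:
            return 250                          # MAIL FROM:<> gets special handling
        key = (ip, sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(key, now)
        return 250 if now - first >= self.delay else 451


def callout_verdict(code):
    """Classify the reply a callout received for its RCPT TO probe."""
    if 200 <= code < 300:
        return "accept"
    if 400 <= code < 500:
        return "defer"                          # temporary: not the same as 550
    return "reject"


def rcpt_with_callout(sender_mx, my_ip, sender, now):
    """Reply the calling server gives its own client after a sender callout."""
    probe = sender_mx.rcpt(my_ip, "", sender, now)   # MAIL FROM:<>, RCPT TO:<sender>
    return {"accept": 250, "defer": 451, "reject": 550}[callout_verdict(probe)]


def demo():
    mx = Greylist(delay=300)                    # sender's MX greylists everything
    ip, sender = "192.0.2.10", "user@wherever.example"   # constructed values
    return [rcpt_with_callout(mx, ip, sender, t) for t in (0, 60, 600)]


if __name__ == "__main__":
    print(demo())
```

The first two attempts are deferred and the retry after the delay is accepted; constructing the greylist with `exempt_null_sender=True` lets the callout probe through on the first attempt.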