RE: [Exim] Idea for a per-recipient DATA ACL stage

Edgar Lovecraft wrote:
> In 'quietly droping recipients' please remember that you are severly
> breaking the SMTP RFC standards. Think of the damage that will be
> done to any message tracking...
>
> I send a message to two of your users and your server gives an
> "OK Message Accepted" to the DATA phase of the transaction. I now
> think that the message was delivered.
> Your server 'silently drops' the delivery to one of the two
> recipients.
> I know think that not only was the message delivered, but that the
> message was deliverd SUCESSFUlLY to BOTH users as there was never a
> DNR sent to the 'droped' user.

Indeed that can happen, but then why was :blackhole: ever invented then? :)
I can silently drop a message that you send to a specific recipient already
using Exim quite easily, and I would like to think that if one of my users
wishes to do the same based on rules they set up, why not let them. If they
find out that one of their filters has been dropping messages from a valid
contact - their fault!

As well, there's the errors_to setting for routers that will effectively
allow you to stop generating any bounce errors at all to the intended
recipient.

> If you just have-to-have per-recipient/per-domain checks, then the
> only prudent thing to do is either 'accept like users' during RCPT
> TO: or accept only one RCPT TO: at a time, or accept the message and
> then send the DNR after you reject the message like you are supposed
> to.

Yes however that imposes way too much overhead across the internet to make
it feasable (I would think - no proof to back that claim up). If it's
possible to avoid accepting only one recipient at a time, I'd like to do
anything possible to help since I really do see that method as a horridly
ugly hack to accomplish something that can be accomplished much more
gracefully with a bit more work.

>> Personally though, my big reason for mentioning something like this
>> (and hoping that the idea is followed through!) is that it would
>> allow other message filtering to be done at ACL time as well that
>> was per domain/user specific.
>
> Here is what I do, I get all of the relevant 'scanning' information
> that I need during the ACL phases and push that information on with
> the message. If the message is acceptable at a 'global' level (no
> viruses, etc) , then I accept it, and give (for better or worse) the
> standard DNR's should I need to at a per recipient level during the
> delivery.

Yeah, right now I'm happy with the spam/virus stuff I have working at a
global level in the ACLs. I just put headers on things and reject any and
all viruses regardless, but it would be nice to have a per user ability
during this stage. I'm working on making a script that will spit out Exim
filter data so that it will do all the additional per user/domain filtering
during the router or transport stage, but I'm not sure how much of a
performance hit I'll be taking by calling an external script to do this. I
was hoping to be able to have all message filtering done at ACL time so that
messages we didn't want to accept for any reason would be rejected before
they're ever accepted - no bounce messages required and it helps reduce spam
(I hope).

> I always thought that the $domain and $local_part at DATA time was
> quite clear in the Exim Docs.

As did I :) I ran into this problem once simply because I wasn't paying
attention, but I always understood why they weren't available. You can't
count out all the people who have emailed in to the mailing list wondering
why their stuff isn't working when they try to use them during DATA time
though :)

Eli.