Re: [Exim] acl_smtp_predata

On Thu, 2004-07-15 at 11:52 +0100, Tony Finch wrote:
> (1) [DATA] is a synchronization point. If PIPELINING is in operation
> delaying in a RCPT ACL only delays, but a delay in a predata ACL would
> probably be an effective ratware detector.

hmm? the delays in RCPT ACLs are cumulative, you won't get a response
to DATA until they're all passed.

> (2) There are situations in which you might want to say that an address is
> OK from the point of view of a callout but not from the point of view of
> actually sending a message. You could then accept the RCPT command but
> reject the message at predata time to save the bandwidth consumed by the
> data.
>
> For example, Postfix does callouts using MAIL FROM:<postmaster@...> which
> puts a spanner in any scheme for requiring that (signed) return path
> addresses are only used in MAIL FROM or in the RCPT TO of a bounce.

ah, an interesting way of getting round that braindamage.

> Another example is Exim's header_sender callouts, which are FROM:<> but
> the address may not be a valid bounce recipient address.

I don't get it, isn't that the point? why would you accept these
addresses in RCPT TO and reject the DATA?

> (3) One of the tests we do in the RCPT ACL is to check if MailScanner is
> keeping up with the load and defer if it isn't. It'd be better to do this
> once at predata time.

wouldn't the MAIL ACL work almost as well? sure, under load you'll
defer lots of spam in MAIL FROM rather than rejecting it in RCPT TO, but
I don't think that's a problem.

--
Kjetil T.