[exim] Let the 'postmaster' callout option be damned

Góra strony
Delete this message
Reply to this message
Autor: Tim Jackson
Data:  
Dla: exim-users
Temat: [exim] Let the 'postmaster' callout option be damned
I have a feeling this may well spark some fighting, but a recent incident
has made me somewhat of the opinion that the "postmaster" callout option
is, with every respect to Philip, somewhat flawed.

Callouts in any form are certainly controversial and I don't use them
myself out of respect for the fact that some people consider them abuse,
although I don't personally particularly object to anyone attempting a
callout on envelope sender addresses that I use. However, the "postmaster"
callout option seems to me to be an incorrect extrapolation of the logical
basis of callouts (which is that you don't want to accept mail from an
address to which you can't send DSNs) into the area of rash assumptions.

Specifically, I do not believe that you can deduce from the fact that you
are presented with a mail with an envelope sender of <foo@???>,
that example.com is misconfigured just because you cannot send a DSN
(specifically) to <postmaster@???>.

Let me give an example. In an attempt to be a "good netizen", I receive
postmaster@ mail for a significant number of domains; I insist that all
domains I handle have a working postmaster address (amongst others) and am
happy to take on the responsibility of handling any mail which comes to
those addresses in an appropriate manner. However, a recent Winblows virus
has been merrily forging lots of system addresses (including postmaster@)
on spam it sends out, and I've been receiving collateral bounces to
various domains as a consequence. Since I never actually *send* mail using
the identity of postmaster@<most_domains_I_handle>, I see no reason for me
to have to accept DSNs to those addresses, since any such messages are
obviously pointless spew which is the result of forgeries. Therefore,
a polite

550 This address does not send mail and so does not receive DSNs

is presented at SMTP RCPT time in these circumstances.

Certainly, we've had some discussions recently on this topic; I understand
that Nigel rejects DSNs to the list address of this very mailing list with
the same reasoning, and he's not alone.

You can, however (I hope) clearly see the problem now. Exim's "postmaster"
callout option uses the null sender and therefore makes the rather rash
assumption that because it cannot send a DSN to postmaster@???
(when postmaster@??? has not initiated a message to it) that
example.com is misconfigured. Since it has not received a mail with an
envelope sender of postmaster@???, I would argue that it has no
reasonable basis to assume that it should necessarily be able to deliver a
DSN to that address. As a consequence of this misplaced assumption, users
of example.com cannot send to sites which have Exim postmaster callouts
enabled, even though they have a working postmaster address.

An example of a large site which has enabled Exim postmaster callouts is
lists.sourceforge.net.

I'd say this is a pretty unhappy state of affairs.

Therefore, I invite reasoned opinions, flames and hate mail (though the
former is preferred) on the following, likely controversial, items:

1. Am I some kind of despicable RFC-flouting hellraiser to even consider
rejecting DSNs to postmaster addresses which happily accept non-DSN mail
but are *never* legitimately used in the envelope sender of any mail? Any
specific RFC pointers are welcome, although to be honest I'm pretty firmly
of the opinion that whatever the RFCs say, this is a reasonable thing to
do in today's climate. I can't see how what I'm doing can possibly
adversely affect any legitimate mail or how anyone can argue that I should
be forced to accept DSNs for mail I didn't send, even to special addresses
such as postmaster@.

2. I propose that in future Exim releases the "postmaster" callout be made
a no-op (at least without source-level intervention), removed from the
manual and deprecated. I realise that this is a relatively radical
suggestion, but after consideration I do think that this option is
fundamentally flawed.

3. As a poor alternative to (2), I propose that at the very least a strong
warning is placed in the Exim spec cautioning against the use of the
"postmaster" callout option, with an explanation along the lines that I've
given here.


Thanks,


Tim