On Fri, 24 Jun 2005, Greg A. Woods wrote:
> However What I've been trying to get across here is that the language
> for expressing ACLs on sender addresses should not allow the admin to
> specify the null return-path sender address in the first place, or else
> never allow transactions with a null return-path to be presented to
> ACLs.
Why not? It is perfectly legitimate to reject bounces to addresses that
never send mail, and many sites want to do that. Furthermore, as many
sites start to adopt various ways of signing sender addresses, they will
want to reject bounce messages to unsigned addresses, in order to block
collateral spam (aka Joe Jobs).
> I.e. an SMTP mailer that allows one to so trivially say something like:
>
> If the sender is the empty string
> AND the recipient is Y
> THEN deny this message
>
> and have it reject all messages to the stated recipient iff those
> messages have a null return path, is broken by design (or at least
> seriously hobbled with a noose already firmly tied around all its users'
> necks).
I disagree. It depends on the value of Y. If Y is an address that never
sends mail, you probably want to do this.
Anyway, as I said before, the are also other reasons for wanting to
evaluate "if the sender is the empty string", not concerned with
blocking anything. Do you object to "If the sender is the empty string,
then save this message in a special folder", for example?
Removing that facility of testing for the empty string would be
detrimental to these other uses. And anyway, it would be hard to do
completely. "The empty string" can be represented in many ways in Exim:
as a literal string, as a regular expression that matches an empty
string, as a database lookup that matches an empty string, etc., etc.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book