Author: Alan J. Flavell Date: To: exim-users @ exim. org Subject: Re: [exim] Exim domain and login checks for relay
On Sun, 16 Apr 2006, Jeremy Harris wrote:
[...] > - reject senders not matching the specific auth data
"Rejection" is not as easy as it sounds. We try to reject mail
submissions which present non-existent sender addresses - but mail
client software typically does not react well to a 5xx telling it that
the client's purportd sender address is invalid. We've seen quite a
number of different scenarios in which the client station then
continues to batter the mail server with repeated attempts to send the
mail, more or less indefinitely until the mail admin steps in.
We could hardly accept the submission and then try to report the error
back by means of a "bounce", since the bounce is *supposed* to go to
the envelope sender address, and the whole problem is that the
envelope sender is invalid!
In our case, that's specifically a problem for mail submission from
trusted IP addresses, for which we don't yet enforce authentication.
If and when the submission policy is changed to demand authentication
from all senders, then presumably the solution to an invalid sender
address from the client, is to replace the invalid address with the
canonical sender address of the authenticated user. Or at least to
report rejection by means of a bounce /to/ the canonical address of
the authenticated sender...?
