ubuntu at tigershaunt.com
Tue Jul 29 18:43:36 UTC 2008
Steve C. Lamb wrote:
> On Tue, Jul 29, 2008 at 01:37:01PM -0400, Rashkae wrote:
>> Can you clarify what you consider the 'right thing?'.. Chances are I'll
>> disagree, but I'd still like to know wtf your talking about.
> Content filtering and rejection at SMTP time. IE, check for viruses/spam
> at the end of the data block and issue a 550 if either are found as a response
> to the data block.
> In spite of Derek's response Postfix is qmail-esque in that it has
> multiple programs to do multiple things. Because of this the daemon which
> sits on 25 and accepts mail doesn't do the content filtering. It passes it to
> something else. However, last I checked, both postfix and qmail were
> incapable of doing content filtering until it passed the message to the next
> program in the chain. However to pass to the next program in the chain they
> have to accept the message.
> Once the message is accepted they are obligated to either deliver it or
> issue a bounce. Issuing a bounce on forged headers leads to extremely clogged
> queues. By issuning a 550 after the data block the onus on issuing, and
> delivering, the bounce is on the remote side. If the remote side is a virus
> engine then there's no worry. If it isn't then their clogged queue is a big
> hint they might want to shut down the spammer/virus vector that is using them
> as a relay.
I apologize for my statement.. I would forever be in love/lust with a
mail server that behaved this way. Is there one? I see lots of mail
servers configured to reject messages based on arbitrary rules to the
connection negotiation, but none based on message content. I'm not up
to snuff on the RFC's, but I wonder if it's even possible.. Is it legal
for a mail server to reject a message with a 550 after indicating that
it will accept the transmission?
(You know that leaving your mail server host name as localhost will get
you on an RBL list, because it's supposed to be a FQDN, but you can put
whatever nonsense you want in there, like this.is.bullshit.com and
you'll get removed from the RBL, because the RFC specifically states
that the name doesn't have to exist to the outside network (and should
never assume the hostname is valid for a reply) but it's very important
for them that you do indeed have a properly formatted FQDN,,, wtf? ) </rant>
More information about the ubuntu-users