On Nov 21, 2005, at 05:25, Ian Eiloart wrote:
OK, the MTA should ONLY accept email that it can deliver.
FWIW, Mailman currently avoids doing anything about this for a documented reason (scripts/post):
# Immediately queue the message for the incoming qrunner to process. The # advantage to this approach is that messages should never get lost
# some MTAs have a hard limit to the time a filter prog can run. Postfix # is a good example; if the limit is hit, the proc is SIGKILL'd giving us # no chance to save the message.
The extent of sanity-checking it does before queueing the message is to make sure the requested list exists, which is purely a file existence test and involves no list-locking or interpretation of the list configuration.
If you were able to adjust the MTA's filter timeout or perform the ACL check from within the MTA itself and not from a filter program, this might be a moot point. But I suppose you would still need to worry about SMTP conversation timeouts in the client. Whatever you do to vet senders has to be fast and nonblocking to work for large lists.
Also, keep in mind that it should obey the various admin options for allowing mail from some nonmembers, holding mail from some nonmembers, the default action for nonmembers, etc., as well as whether to restrict nonmembers at all, in which case I think it needs some understanding of Mailman internals and not just access to the roster.
--Robby