-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mar 26, 2008, at 7:27 AM, Ian Eiloart wrote:
I think you will be happier with what is possible in Mailman 3. In mm3 we have a working LMTP server, those it's based on asyncore and its scalability is questionable. Although I have not yet done
this, I plan to tie the rule chain checker into LMTP so that if your MTA supports LMTP delivery the following can happen:worldwildwonderland -> SMTP -> MM's LMTP -> rule checks
The rule checks then could tell LTMP to reject the message right there, which would return 5xx to SMTP and /it/ would return 5xx to whatever upstream SMTP its talking to.
Now, I wouldn't want to do a lot of work at that point, but some simple checks would definitely be possible. You can reject messages as early in the process as possible and do it at the SMTP layer.
It needs to be done after RCPT TO. LMTP allows you to sensibly do
this later, and get return codes for individual recipients. However, it
we're doing this with call forwards from an MTA which is receiving email
over SMTP, then the MTA will have to check the sender/recipient pair at
RCPT TO time.on connect: accept the connection HELO/EHLO: reject if the sending MTA isn't known MAIL FROM: accept (perhaps unless the sender address is forbidden to post to all lists). RCPT TO: accept if the sender has permissions to post to the list, otherwise
reject. This is the last chance to give a list specific response to an MTA
that is engaged in a callout. DATA: reject null senders here if appropriate. Rejecting a null sender at
RCPT TO or earlier might break callouts. ............. . Check the data, reject if inappropriate for a specific list (but
this is likely to cause a bounce from our MTA). Because we've decided to
trust the sender, we should be OK to bounce a message here, unless the list is
an open list.
This is great. I've captured it on the wiki: http://wiki.list.org/display/DEV/LMTP+process
- -Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkgA5GYACgkQ2YZpQepbvXGfyACdGdsEJtyQgevZWggi1kviroHr GiEAoLQoEhQ+TV8CRr5NF9cKk6IkIddp =WjHS -----END PGP SIGNATURE-----