[Mailman-Developers] before next release: disable backscatter in default installation
Barry Warsaw
barry at list.org
Sat Apr 12 18:33:38 CEST 2008
On Mar 26, 2008, at 7:27 AM, Ian Eiloart wrote:
>
>>
>> I think you will be happier with what is possible in Mailman 3. In
>> mm3 we have a working LMTP server, though it's based on asyncore and
>> its scalability is questionable. Although I have not yet done this, I
>> plan to tie the rule chain checker into LMTP so that if your MTA
>> supports LMTP delivery the following can happen:
>>
>> worldwildwonderland -> SMTP -> MM's LMTP -> rule checks
>>
>> The rule checks then could tell LMTP to reject the message right
>> there, which would return 5xx to SMTP and /it/ would return 5xx to
>> whatever upstream SMTP it's talking to.
>>
>> Now, I wouldn't want to do a lot of work at that point, but some
>> simple checks would definitely be possible. You can reject messages
>> as early in the process as possible and do it at the SMTP layer.
>
> It needs to be done after RCPT TO. LMTP allows you to sensibly do this
> later, and get return codes for individual recipients. However, if we're
> doing this with call forwards from an MTA which is receiving email over
> SMTP, then the MTA will have to check the sender/recipient pair at RCPT TO
> time.
>
> on connect:
>     accept the connection
> HELO/EHLO:
>     reject if the sending MTA isn't known
> MAIL FROM:
>     accept (perhaps unless the sender address is forbidden to post to all
>     lists).
> RCPT TO:
>     accept if the sender has permissions to post to the list, otherwise
>     reject.
>     This is the last chance to give a list specific response to an MTA that is
>     engaged in a callout.
> DATA:
>     reject null senders here if appropriate. Rejecting a null sender at RCPT TO
>     or earlier might break callouts.
> .............
> .
>     Check the data, reject if inappropriate for a specific list (but this is
>     likely to cause a bounce from our MTA). Because we've decided to trust the
>     sender, we should be OK to bounce a message here, unless the list is an
>     open list.

This is great. I've captured it on the wiki: http://wiki.list.org/display/DEV/LMTP+process

-Barry
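
The stage-by-stage checks quoted above, up to the DATA command, as an added Python example that is not part of the original post and is not Mailman's code. The host names, addresses, list table, reply texts and function names are all hypothetical; refusing unknown lists at RCPT TO and always rejecting the null sender at DATA are assumptions made here.

```python
# Added example: hypothetical names and constructed data throughout.
KNOWN_MTAS = {"mx.example.org"}              # constructed: MTAs allowed to relay to us
BANNED_SENDERS = {"spammer@example.net"}     # constructed: forbidden on every list
LISTS = {                                    # constructed list configuration
    "dev@lists.example.org": {"open": False, "posters": {"alice@example.com"}},
    "chat@lists.example.org": {"open": True, "posters": set()},
}

def on_helo(name):
    # HELO/EHLO: reject if the sending MTA isn't known.
    return (250, "ok") if name in KNOWN_MTAS else (550, "unknown sending MTA")

def on_mail_from(sender):
    # MAIL FROM: accept unless the sender is forbidden on all lists.
    # The null sender "" is accepted so that callouts are not broken.
    if sender in BANNED_SENDERS:
        return 550, "sender may not post to any list"
    return 250, "ok"

def on_rcpt_to(sender, rcpt):
    # RCPT TO: last chance for a list-specific answer to an MTA doing a callout.
    lst = LISTS.get(rcpt)
    if lst is None:                          # assumption: unknown lists are refused
        return 550, "no such list"
    # Assumption: a null sender passes here and is dealt with at DATA.
    if sender == "" or lst["open"] or sender in lst["posters"]:
        return 250, "ok"
    return 550, "sender may not post to this list"

def on_data(sender, accepted):
    # DATA: reject null senders here (assumed always appropriate in this example).
    if not accepted:
        return 503, "no valid recipients"
    if sender == "":
        return 550, "null sender may not post"
    return 354, "send message"

def session(helo, sender, rcpts):
    """Run one envelope through the stages; return [(stage, reply code), ...]."""
    log = [("HELO", on_helo(helo)[0])]
    if log[-1][1] != 250:
        return log
    log.append(("MAIL", on_mail_from(sender)[0]))
    if log[-1][1] != 250:
        return log
    accepted = []
    for r in rcpts:
        code = on_rcpt_to(sender, r)[0]
        log.append(("RCPT " + r, code))
        if code == 250:
            accepted.append(r)
    log.append(("DATA", on_data(sender, accepted)[0]))
    return log
```

Every rejection in this example is returned while the sending MTA is still connected, so the receiving side never has to generate a bounce message of its own.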