Re: [Assp-user] SPF Softfailed Reply
In this context, the 451 makes sense. But if intentionally failing a softfail/neutral response in ASSP, a 550 response would be more appropriate for obvious reasons. I have noticed the repeating SPF-blocked retries while monitoring my [sendAllSpam] mailbox during beta testing. All of the attempts for my domain have indeed been spam, so it never became an issue. But it has the potential to.

Wim Borghs wrote:
> The 451 softfail response probably came from RFC 4408 section 2.5.5:
>
> A SoftFail result should be treated as somewhere between a Fail and a Neutral. The domain believes the host is not authorized but is not willing to make that strong of a statement. Receiving software SHOULD NOT reject the message based solely on this result, but MAY subject the message to closer scrutiny than normal.
>
> The domain owner wants to discourage the use of this host and thus desires limited feedback when a SoftFail result occurs. For example, the recipient's Mail User Agent (MUA) could highlight the SoftFail status, or the receiving MTA could give the sender a message using a technique called greylisting whereby the MTA can issue an SMTP reply code of 451 (4.3.0 DSN code) with a note the first time the message is received, but accept it the second time.
>
> So according to this it is suggested to handle spf results as:
>
> spf pass - further processing without greylisting (2xx)
> spf softfail - respond with greylisting test, if there is a 2nd try (passes greylisting test) - further processing
> spf fail - reject mail (5xx)
>
> But since ASSP handles greylisting before spf-validation it has no use to delay the message again.
>
> Anyway, I also see no use for a softfail-error setting, only a use for options to intentionally fail spf-softfail and spf-neutral transactions which would mean using the spf-failed reply instead of accepting...

___
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] SPF Softfailed Reply
> I would recommend that the default be changed to a 550, and that this error response function only be used when intentionally rejecting softfail and neutral responses. Otherwise, I think the reply code should be a 200.

I do not understand. When should here happen what? There is no reply-code otherwise in my understanding.
Re: [Assp-user] SPF Softfailed Reply
Micheal Espinola Jr wrote:
> I believe that the default value of [SPFSoftError] should be changed. Being a negative completion error but not a rejection: 451 (Requested action aborted: local error in processing), the sending server may continue to retry sending the message.

I agree, the response code should be a 2xx status. The proper behavior of a softfail is that the message must be accepted. Sending a 451 status makes the sending server think the message failed thus possibly increasing the load on our server due to retries.

> I have been sporadically seeing this behavior. I would recommend that the default be changed to a 550, and that this error response function only be used when intentionally rejecting softfail and neutral responses. Otherwise, I think the reply code should be a 200.

This could possibly work. However for the sake of simplicity it would be better to not have a separate softfail response. As much as I love ASSP for the control it gives I don't see it being useful. (Perhaps someone else does?)

Kevin
Re: [Assp-user] SPF Softfailed Reply
Kevin wrote:
> This could possibly work. However for the sake of simplicity it would be better to not have a separate softfail response. As much as I love ASSP for the control it gives I don't see it being useful. (Perhaps someone else does?)

I agree. Keeping it simple is probably the best approach in this case. ASSP is either rejecting because of an SPF return code or not. In turn it makes sense to have an SPF error response or not.
Re: [Assp-user] SPF Softfailed Reply
Fritz Borgstedt wrote:
>> I would recommend that the default be changed to a 550, and that this error response function only be used when intentionally rejecting softfail and neutral responses. Otherwise, I think the reply code should be a 200.
>
> I do not understand. When should here happen what? There is no reply-code otherwise in my understanding.

You're right. There would not otherwise be a 200. ASSP would just continue processing. I wasn't thinking logically about ASSP's processing.
Re: [Assp-user] SPF Softfailed Reply
> I agree. Keeping it simple is probably the best approach in this case. ASSP is either rejecting because of an SPF return code or not. In turn it makes sense to have an SPF error response or not.

But it is requested that softfail and neutral are not blocking conditions. I think it is even more not understandable if we answer softfail and block with the same code spf fail check would produce.
Re: [Assp-user] SPF Softfailed Reply
Fritz Borgstedt wrote:
>> I agree. Keeping it simple is probably the best approach in this case. ASSP is either rejecting because of an SPF return code or not. In turn it makes sense to have an SPF error response or not.
>
> But it is requested that softfail and neutral are not blocking conditions. I think it is even more not understandable if we answer softfail and block with the same code spf fail check would produce.

I don't believe an SPF softfail would normally get an SMTP status different from a normal message. I think the only time ASSP should send something other than a 2xx status for a softfail would be when the admin is intentionally failing softfails, otherwise the message should be passed (but a PB score could be collected). Sending a 451 status is the same as delaying the message however it would keep getting the same response each time and never pass through. Wouldn't this be a bad thing?

Kevin
Re: [Assp-user] SPF Softfailed Reply
> I think the only time ASSP should send something other than a 2xx status for a softfail would be when the admin is intentionally failing softfails,

We are talking only here about intentionally failing softfail and/or neutral.
Re: [Assp-user] SPF Softfailed Reply
Fritz Borgstedt wrote:
>> I think the only time ASSP should send something other than a 2xx status for a softfail would be when the admin is intentionally failing softfails,
>
> We are talking only here about intentionally failing softfail and/or neutral.

I think so? I'll try to explain how I would imagine this working. From what I understand of the SPF specification messages that are softfail or neutral should be accepted and a 2xx status should be sent. If ASSP were configured to fail either softfail or neutral the SPF error should be sent. Am I making sense?

Kevin
Re: [Assp-user] SPF Softfailed Reply
Kevin wrote:
> I think so? I'll try to explain how I would imagine this working. From what I understand of the SPF specification messages that are softfail or neutral should be accepted and a 2xx status should be sent. If ASSP were configured to fail either softfail or neutral the SPF error should be sent. Am I making sense?

As far as I understand it, and for what I am referring to - yes. The current default for softfail/neutral is a 451 error, which allows the sending server to stay in a repeatable sending state - similar to being delayed (I use [SPFsoftfail], and I am seeing this behavior). If we are intentionally failing a softfail/neutral, I think we should be sending the same rejection reply as an [SPFError], so that the rejection is understood to be a permanent failure.

As I am thinking about it, I do not see any benefit to having an alternate softfailed reply. But even if there is a benefit to having the ability to send an alternate verbose message, I don't think it should include the 451 server response.
Re: [Assp-user] SPF Softfailed Reply
The 451 softfail response probably came from RFC 4408 section 2.5.5:

A SoftFail result should be treated as somewhere between a Fail and a Neutral. The domain believes the host is not authorized but is not willing to make that strong of a statement. Receiving software SHOULD NOT reject the message based solely on this result, but MAY subject the message to closer scrutiny than normal.

The domain owner wants to discourage the use of this host and thus desires limited feedback when a SoftFail result occurs. For example, the recipient's Mail User Agent (MUA) could highlight the SoftFail status, or the receiving MTA could give the sender a message using a technique called greylisting whereby the MTA can issue an SMTP reply code of 451 (4.3.0 DSN code) with a note the first time the message is received, but accept it the second time.

So according to this it is suggested to handle spf results as:

spf pass - further processing without greylisting (2xx)
spf softfail - respond with greylisting test, if there is a 2nd try (passes greylisting test) - further processing
spf fail - reject mail (5xx)

But since ASSP handles greylisting before spf-validation it has no use to delay the message again.

Anyway, I also see no use for a softfail-error setting, only a use for options to intentionally fail spf-softfail and spf-neutral transactions which would mean using the spf-failed reply instead of accepting...
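
The three reply policies debated in this thread, modelled side by side as an added example (it is not ASSP code and not from any poster): a 451 on every rejected softfail/neutral, the RFC 4408 greylisting suggestion, and the proposal to reuse the permanent SPF-fail reply. The `reject_soft` option, the reply texts and the five-attempt sending MTA are assumptions made for the illustration.

```python
"""Constructed model of the SPF reply policies discussed in the thread."""

PERM = "550 5.7.1 SPF check failed"               # permanent: sender gives up
TEMP = "451 4.3.0 SPF softfail, try again later"  # temporary: sender retries
CONTINUE = None  # no SPF-based reply; the message goes on to later checks


def always_451(result, seen_before, reject_soft=True):
    """Criticised default: every rejected softfail/neutral gets a 451."""
    if result == "fail":
        return PERM
    if result in ("softfail", "neutral") and reject_soft:
        return TEMP
    return CONTINUE


def rfc4408_greylist(result, seen_before, reject_soft=True):
    """RFC 4408 2.5.5 suggestion: 451 on the first softfail attempt only.
    reject_soft is unused; it is kept so all policies share one signature."""
    if result == "fail":
        return PERM
    if result == "softfail" and not seen_before:
        return TEMP
    return CONTINUE


def proposed(result, seen_before, reject_soft=True):
    """Thread proposal: softfail/neutral get the SPF-fail reply on opt-in."""
    if result == "fail":
        return PERM
    if result in ("softfail", "neutral") and reject_soft:
        return PERM
    return CONTINUE


def simulate(policy, result, max_attempts=5, **opts):
    """Model a sending MTA that retries on 4xx and stops on 5xx or acceptance.
    Returns (attempts_made, outcome)."""
    for attempt in range(1, max_attempts + 1):
        reply = policy(result, seen_before=attempt > 1, **opts)
        if reply is None:
            return attempt, "accepted"
        if reply.startswith("5"):
            return attempt, "rejected"
    return max_attempts, "still retrying"


if __name__ == "__main__":
    for policy in (always_451, rfc4408_greylist, proposed):
        print(policy.__name__, simulate(policy, "softfail"))
```
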