Sam Varshavchik wrote:
Bill Taroli writes:
I noticed, having upgraded to 0.48 just over the weekend, that a BOFHCHECKHELO item we'd been discussing -- though had no particular agreement on -- wasn't in fact included in courier/submit.C. Namely, to reduce (or make configurable) the severity of SMTP result codes for HELO and DNS mismatches. From our original conversation, I'd suggested that 417 would be better than 517 because it actually allows a proactive administrator time to put exceptions into place without getting angry calls from users who can't receive their mail from legitimate -- albeit misconfigured -- sources.
Is there a process for ratifying or submitting such requests for change that needs to be followed here?
No. No process needs to be followed.
I was not looking at anything new in the last two months, instead focusing on troubleshooting the authentication library overhaul.
With this particular proposal, the primary issue is: you will find that quite a few broken mail servers interpret a 4xx response to a HELO as meaning "disconnect and try again immediately".
The results will not be pretty.
I considered that, and have found in practice that especially the legitimate ones do make additional attempts. They also seem to follow the pattern of lengthening the time between attempts, as per usual temporary mail interruptions. I haven't seen one repeatedly just keep trying endlessly -- not to say that it couldn't happen. For the particularly egregious -- those that attempt a few hundred addresses and domains but from one IP address -- I add them to my deny list. If I have to choose between a lot of angry and confused calls from users and a few extra attempts to submit messages (when they never get past the HELO command), then I personally select the latter.
I don't mean to suggest that it be changed permanently... but perhaps a bofh configuration variable that determines if BOFHCHECKHELO should fail hard or soft?
Bill
------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
