On Jul 11, 2013, at 03:23 AM, Stephen J. Turnbull wrote:

>Barry Warsaw writes:
>
> > For #1 you would have a rule that can answer the question of DMARC
> > disposition. Rules output binary results,
>
>This is somewhat problematic. DMARC results are potentially
>trivalent. If action is "reject" and pct is less than 100, some hits
>are "rejects" and some are "quarantine". Misses are misses. So I
>guess you do this with a chain of two rules, the first one verifying
>the message and if that hits (i.e., verification fails) the second one
>rolls the dice for pct.

While ugly, that might be the best we can do for now. I have thought about adding an action to links for when the rule misses, the default being 'Defer' (i.e. the next link in the chain executes as normal). That would at least give you more control over each step in the chain. But handling more than two cases quickly gets into ugliness.

Another possibility is to collapse the reject/quarantine "hit" into a single boolean result. Rules can add key/values to the metadata dictionary, so you could imagine that a hit wouldn't jump directly to the Reject or Hold chains. Instead it would jump to a custom (terminal) chain that made the more specific determination of whether to reject or hold the message.

> > and if this rule hits, it would run an action, probably to discard
> > the message, although it could also hold it or reject/bounce it.
>
>Silent discards without content analysis make me queasy.

Of course, we'd likely log and fire an event, so at least it wouldn't happen completely silently.

>I guess we can work around that by doing DMARC checks after the content
>checks, although the draft implies the DMARC checks should be done early. Or
>we could reject, but unfortunately we can't reject in the SMTP transaction,
>so we need to issue a DSN. That makes me really queasy, because DSNs for
>illegitimate mail suck all around.

Yep. There is some limited ability to do additional checking at LMTP time, but this isn't pluggable currently.

>In case of a quarantine, maybe this should go into a separate queue
>that silently waits for a moderator to look at the messages, and
>discards them after a reasonable period of time (maybe two weeks?) So
>they'd be there if somebody asks for a lost message, but otherwise no
>bother.

Currently there's only one moderation queue, but it can be set up to auto-discard held requests after a period of time.

-Barry
_______________________________________________
Mailman-Developers mailing list
[email protected]
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
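The two-rule chain and the metadata-dictionary variant discussed in the message above, as an added example that is not Mailman's own code: the first rule hits when DMARC verification fails and the domain's policy asks for action, the second rolls the dice for pct= (a non-sampled message gets the next less severe policy, reject -> quarantine -> none, as RFC 7489 describes), and a custom terminal chain turns the binary hit back into reject or hold from what the rules left in the metadata dictionary. The `Message`, `Link` and rule classes, the `on_miss` link action (the hypothetical miss action the reply floats), the `classify` driver and the sample DMARC records are all assumptions; Mailman's real chain and rule APIs are not reproduced here, and the alignment results and DMARC records are constructed inputs rather than DNS lookups.

```python
"""Added example, not Mailman code: a model of the two-rule DMARC chain.
Rule 1 hits when DMARC fails and the policy asks for action; rule 2 rolls
the dice for pct= and stores the disposition in the metadata dictionary,
so the binary hit can jump to one custom terminal chain that picks
reject vs. hold."""
import random
from dataclasses import dataclass

# Constructed DMARC TXT records keyed by From: domain.  A real rule would
# resolve _dmarc.<domain> in DNS; this table keeps the example offline.
SAMPLE_DMARC_RECORDS = {
    'example.com': 'v=DMARC1; p=reject; pct=30; rua=mailto:[email protected]',
    'example.org': 'v=DMARC1; p=quarantine; pct=100',
    'example.edu': 'v=DMARC1; p=quarantine; pct=50',
    'example.net': 'v=DMARC1; p=none',
}

def parse_dmarc_record(txt):
    """Split 'tag=value; tag=value' into a dict, rejecting non-DMARC1 text."""
    tags = {}
    for part in txt.split(';'):
        key, sep, value = part.strip().partition('=')
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get('v', '').upper() != 'DMARC1':
        raise ValueError('not a DMARC1 record: %r' % txt)
    return tags

def pct_of(tags):
    """pct= is 0..100 (default 100); unparseable values fall back to 100."""
    try:
        return max(0, min(100, int(tags.get('pct', '100'))))
    except ValueError:
        return 100

def dmarc_disposition(policy, pct, roll):
    """pct sampling per RFC 7489 section 6.6.4: a message not selected gets
    the next less severe policy (reject -> quarantine -> none).
    `roll` is an integer in [0, 100)."""
    if policy not in ('reject', 'quarantine'):
        return 'none'
    if roll < pct:
        return policy
    return 'quarantine' if policy == 'reject' else 'none'

@dataclass
class Message:
    """Stand-in for the parsed message: From: domain plus the SPF/DKIM
    alignment results, assumed to have been computed upstream."""
    from_domain: str
    spf_aligned: bool = False
    dkim_aligned: bool = False

class DmarcVerifyRule:
    """Hit when neither SPF nor DKIM aligns and p= is reject or quarantine."""
    def __init__(self, records):
        self._records = records

    def check(self, msg, msgdata):
        txt = self._records.get(msg.from_domain)
        if txt is None:
            return False                      # no record: nothing to enforce
        tags = parse_dmarc_record(txt)
        msgdata['dmarc.policy'] = tags.get('p', 'none')
        msgdata['dmarc.pct'] = pct_of(tags)
        if msg.spf_aligned or msg.dkim_aligned:
            return False
        return msgdata['dmarc.policy'] in ('reject', 'quarantine')

class DmarcPctRule:
    """Roll the dice for pct= and record the disposition; hit unless 'none'."""
    def __init__(self, roll=None):
        self._roll = roll or (lambda: random.randrange(100))  # injectable

    def check(self, msg, msgdata):
        disposition = dmarc_disposition(msgdata.get('dmarc.policy', 'none'),
                                        msgdata.get('dmarc.pct', 100),
                                        self._roll())
        msgdata['dmarc.disposition'] = disposition
        return disposition != 'none'

@dataclass
class Link:
    """A rule plus the chain to jump to on a hit and (the hypothetical miss
    action from the reply) on a miss; 'defer' falls through to the next link."""
    rule: object
    on_hit: str
    on_miss: str = 'defer'

def dmarc_terminal(msg, msgdata):
    """Custom terminal chain: expand the binary hit into reject or hold
    from the metadata the rules left behind."""
    return {'reject': 'reject', 'quarantine': 'hold'}[msgdata['dmarc.disposition']]

TERMINALS = {'accept': lambda msg, msgdata: 'accept',
             'dmarc-disposition': dmarc_terminal}

def run_chain(links, msg, msgdata):
    """Walk the links; return the action of the terminal chain reached."""
    for link in links:
        target = link.on_hit if link.rule.check(msg, msgdata) else link.on_miss
        if target != 'defer':
            return TERMINALS[target](msg, msgdata)
    return 'accept'                           # ran off the end: accept

def classify(msg, records=SAMPLE_DMARC_RECORDS, roll=None):
    """Run the two-link DMARC chain; return (action, msgdata)."""
    msgdata = {}
    links = [
        # A verification miss skips the dice; a hit defers to the pct rule.
        Link(DmarcVerifyRule(records), on_hit='defer', on_miss='accept'),
        # A pct hit jumps to the custom terminal chain; a miss (sampled down
        # to 'none') falls through to accept.
        Link(DmarcPctRule(roll), on_hit='dmarc-disposition'),
    ]
    return run_chain(links, msg, msgdata), msgdata
```

Calling `classify(Message('example.com'))` runs a real random roll, so about 30% of unaligned example.com messages come back as 'reject' and the rest as 'hold'; passing `roll=lambda: 10` or `roll=lambda: 30` pins each branch. The p=quarantine record with pct=50 shows the third outcome: a non-sampled failure is downgraded to 'none', the pct rule misses, and the default 'defer' lets the message run off the end of the chain to accept, which is exactly the trivalent result the two binary rules have to encode between them.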
