[
https://issues.apache.org/jira/browse/JAMES-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ouvtam updated JAMES-3820:
--------------------------
Description:
At the moment the DNSRBL handler
(org.apache.james.protocols.smtp.core.fastfail.DNSRBLHandler) is implemented as
a RcptHook. Thus, for every RCPT TO call this handler will be called and a
blocklist lookup will be issued.
One can argue It makes sense to implement the handler as a ConnectHandler, so
the blocklist check is done as early as possible. However, if SMTP AUTH is
successful then we should allow the connecting client anyway.
Therefore it makes sense to implement the DNSRBL handler at MAIL FROM stage
that is MailHook. One exception is the following. According to [RFC
4954|https://datatracker.ietf.org/doc/html/rfc4954#section-5], authentication
information can optionally provided as ESMTP AUTH parameter with a _single_
value in the '{{{}MAIL FROM:{}}}' command.
was:
At the moment the DNSRBL handler
(org.apache.james.protocols.smtp.core.fastfail.DNSRBLHandler) is implemented as
a RcptHook. Thus, for every RCPT TO call this handler will be called and a
blocklist lookup will be issued.
One can argue It makes sense to implement the handler as a ConnectHandler, so
the blocklist check is done as early as possible. However, if SMTP AUTH is
successful then we should allow the connecting client anyway.
Therefore it makes sense to implement the DNSRBL handler at MAIL FROM stage
that is MailHook. One exception is the following. According to [RFC
2554|http://tools.ietf.org/rfc/rfc2554.txt], authentication information can
optionally provided as ESMTP AUTH parameter with a _single_ value in the
'{{{}MAIL FROM:{}}}' command.
> DNS Blocklist: implement DNSRBLHandler as MailHook instead of RcptHook
> ----------------------------------------------------------------------
>
> Key: JAMES-3820
> URL: https://issues.apache.org/jira/browse/JAMES-3820
> Project: James Server
> Issue Type: Improvement
> Components: SMTPServer
> Reporter: ouvtam
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> At the moment the DNSRBL handler
> (org.apache.james.protocols.smtp.core.fastfail.DNSRBLHandler) is implemented
> as a RcptHook. Thus, for every RCPT TO call this handler will be called and a
> blocklist lookup will be issued.
> One can argue It makes sense to implement the handler as a ConnectHandler, so
> the blocklist check is done as early as possible. However, if SMTP AUTH is
> successful then we should allow the connecting client anyway.
> Therefore it makes sense to implement the DNSRBL handler at MAIL FROM stage
> that is MailHook. One exception is the following. According to [RFC
> 4954|https://datatracker.ietf.org/doc/html/rfc4954#section-5], authentication
> information can optionally provided as ESMTP AUTH parameter with a _single_
> value in the '{{{}MAIL FROM:{}}}' command.
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
