[jira] [Commented] (JAMES-3820) DNS Blocklist: implement DNSRBLHandler as MailHook instead of RcptHook

Tue, 27 Sep 2022 00:58:04 -0700 


    [ 
https://issues.apache.org/jira/browse/JAMES-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17609891#comment-17609891
 ] 

Benoit Tellier commented on JAMES-3820:
---------------------------------------

>From what I could see we enforce empty sender when this happens IE <>...

Maybe more (integration) testing could be done on the topic, I agree. We need 
to better understand the implications of this.

Can empty sender be used to relay emails with James while being 
unauthenticated? (this would be bad, for sure... I am unsure such a corner case 
is tested...)

Maybe as an admin I would need an option to require a proper MAIL FROM 
explicitly ?

> DNS Blocklist: implement DNSRBLHandler as MailHook instead of RcptHook
> ----------------------------------------------------------------------
>
>                 Key: JAMES-3820
>                 URL: https://issues.apache.org/jira/browse/JAMES-3820
>             Project: James Server
>          Issue Type: Improvement
>          Components: SMTPServer
>            Reporter: ouvtam
>            Priority: Minor
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> At the moment the DNSRBL handler 
> (org.apache.james.protocols.smtp.core.fastfail.DNSRBLHandler) is implemented 
> as a RcptHook. Thus, for every RCPT TO call this handler will be called and a 
> blocklist lookup will be issued.
> One can argue It makes sense to implement the handler as a ConnectHandler, so 
> the blocklist check is done as early as possible. However, if SMTP AUTH is 
> successful then we should allow the connecting client anyway.
> Therefore it makes sense to implement the DNSRBL handler at MAIL FROM stage 
> that is MailHook. One exception is the following. According to [RFC 
> 4954|https://datatracker.ietf.org/doc/html/rfc4954#section-5], authentication 
> information can optionally provided as ESMTP AUTH parameter with a _single_ 
> value in the '{{{}MAIL FROM:{}}}' command.
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to