need organizational hint

Phil Howard phil-info-cyrus at ipal.net
Thu Apr 10 22:43:07 EDT 2003


On Thu, Apr 10, 2003 at 10:11:40PM -0400, Ken Murchison wrote:

| 
| 
| Phil Howard wrote:
| > 
| > On Thu, Apr 10, 2003 at 04:52:07PM +0200, Christian Schulte wrote:
| > 
| > | Adam Tauno Williams wrote:
| > |
| > | >>3.  Each user can specify their own rules for blacklisting and/or
| > | >>    whitelisting senders and sending server, either explicit, or
| > | >>    by their own choice of DNS based blacklists / whitelists.
| > | >>
| > | >>
| > | >
| > | >In Cyrus this is accomplished via Sieve.  If you're not going to use Sieve then it
| > | >is purely an MTA/MUA issue, and not a Cyrus one.  But if I were you I'd use
| > | >Sieve it is very nice and seems very efficient.
| > | >
| > | >
| > | In 2.2 sieve scripts get compiled on the fly into bytecode...you will
| > | not find such a solution for e.g. procmail!
| > 
| > And how does this get run?  Is it its own MTA?  An SMTP front end?
| > An LMTP front end?  Patches to Postfix?
| 
| 
| The Sieve bytecode gets executed at the time of delivery by Cyrus lmtpd.

How will it do rejections that are to be done based on the IP address
of the MTA that makes the SMTP connection to my MTA?  Is that address
passed by MTAs (such as Postfix) in an obvious way to the LMTP connection
to Cyrus, before the "DATA" command on the SMTP connection?  I was under
the impression that MTAs queued mail before sending it via LMTP anyway,
and so at least some of the filtering has to be done during the SMTP
connection at the MTA.  But if the MTA opens the LMTP connection live
during the SMTP connection, I suppose this might work.

What kind of database does the Sieve implementation use for lookups of
large sets of user data?

My goals include:

1.  If it can be rejected before the "DATA" command based on information
    provided so far (e.g. connecting (client) MTA IP address, reverse DNS
    looked up and verified hostname for that client, HELO banner, MAIL FROM
    contents, RCPT TO contents (generally used to look up which set of
    rules to apply)), then I want it rejected with a 5XX code as a response
    to the "RCPT" command ... e.g. before the content is even transmitted.

2.  If the SMTP information doesn't result in rejection, then everything
    else, such as header or content body scanning, must be done during the
    SMTP connection in order to respond to the "DATA" command with 5XX if
    it is to be rejected.

3.  Any rejections that cannot be made during the SMTP session will be
    discarded.  No bounce messages will be sent for any rejected incoming
    mail.  And yes, I know that means things like no queueing secondary
    MX host.  If the secondary MX host cannot apply every rejection test
    during the SMTP session, then it won't accept mail.

The reasoning for refusing to send bounce messages includes not wanting
to queue what will mostly be either undeliverable, or sending mail to a
user whose email address was forged by a spammer.

-- 
-----------------------------------------------------------------
| Phil Howard - KA9WGN |   Dallas   | http://linuxhomepage.com/ |
| phil-nospam at ipal.net | Texas, USA | http://ka9wgn.ham.org/    |
-----------------------------------------------------------------
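
The staged rejection policy from goals 1-3 in the message above, as an added example that is not part of the original post and is not Cyrus or Postfix code. The `Rules` structure, function names and sample data are assumptions made for illustration; the example goes slightly beyond the message by covering several recipients with different rules, where SMTP allows only one reply after the message content.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rules:
    """Per-recipient policy (hypothetical structure, not a Cyrus or Postfix format)."""
    blocked_nets: list = field(default_factory=list)    # CIDR strings
    blocked_senders: set = field(default_factory=set)   # lower-case MAIL FROM values
    dnsbl_zones: list = field(default_factory=list)     # DNSBLs chosen by the user
    banned_phrases: list = field(default_factory=list)  # stand-in for content scanning

def rcpt_stage(rules, client_ip, mail_from, dnsbl_listed):
    """Goal 1: reply to RCPT before any content is sent.
    dnsbl_listed(ip, zone) -> bool is injected so the example runs offline."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n) for n in rules.blocked_nets):
        return 550, "client address rejected by recipient policy"
    if mail_from.lower() in rules.blocked_senders:
        return 550, "sender rejected by recipient policy"
    if any(dnsbl_listed(client_ip, z) for z in rules.dnsbl_zones):
        return 550, "client listed on a blacklist chosen by recipient"
    return 250, "recipient ok"

def data_stage(accepted, message):
    """Goals 2 and 3. SMTP gives one reply for the whole message after DATA,
    so 5XX is possible only when every accepted recipient rejects it; otherwise
    the rejecting recipients' copies are discarded, never bounced.
    Returns (reply, deliver_to, discard_for)."""
    if not accepted:
        return (554, "no valid recipients"), [], []
    text = message.lower()
    rejecting = {r for r, rules in accepted.items()
                 if any(p.lower() in text for p in rules.banned_phrases)}
    if rejecting == set(accepted):
        return (554, "message content rejected"), [], []
    return (250, "message accepted"), sorted(set(accepted) - rejecting), sorted(rejecting)

# Constructed sample data (documentation address ranges and example domains).
ALICE = Rules(blocked_nets=["203.0.113.0/24"], banned_phrases=["cheap pills"])
BOB = Rules(blocked_senders={"spam@example.net"}, dnsbl_zones=["dnsbl.example"])

def fake_dnsbl(ip, zone):
    return (ip, zone) == ("198.51.100.7", "dnsbl.example")

if __name__ == "__main__":
    print(rcpt_stage(ALICE, "203.0.113.9", "a@example.org", fake_dnsbl))
    print(data_stage({"alice": ALICE, "bob": BOB}, "Buy CHEAP PILLS now"))
```
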




More information about the Info-cyrus mailing list