nginx mailing-list and sender filtering (vs BATV)
nginx+phil at spodhuis.org
Sun Mar 3 04:28:38 UTC 2013
On 2013-03-03 at 02:11 +0400, Maxim Dounin wrote:
> You probably didn't understand the problem deep enough: content
I'm one of the maintainers of the MTA which runs a plurality of the MTA
installs out there. Of course, I have crazy days and moments of pure
stupidity, but in general I have a decent understanding of email.
> scanning hooks, even if implemented, won't help. To properly
> reject message at SMTP level you have to check envelope sender,
> and if you've accepted RCPT TO - it's too late to reject message
> at DATA stage, as the message might have other valid recipients.
> So the only way to properly check list membership is to check
> envelope addresses. Anything else means sending bounces, which is
> not acceptable nowadays.
Er, the only visible email addresses in nginx.org are for mailing-lists,
I wasn't aware it had user-accounts. Even so, not a major issue.
So if the poster is a member of one mailing-list but not another, then
you're not back-scattering to unknown addresses; if content-scanning
then deems the message okay, then it's far more acceptable to bounce.
And if folks are cross-posting to many lists but only subscribed to one,
rejecting all of them with a "fix your sender address or don't spam
lists you're not subscribed to" message works well too. :) This even
applies for user-accounts: protects from the crazies mailing every
address they can think of.
But yes, I understand the issue and do use RCPT-time checks myself,
after normalisation of the sender address, to work around the fact that
I'm doing something a little dodgy that might break legitimate mail.
More information about the nginx