nginx mailing-list and sender filtering (vs BATV)

Phil Pennock nginx+phil at spodhuis.org
Sun Mar 3 04:28:38 UTC 2013


On 2013-03-03 at 02:11 +0400, Maxim Dounin wrote:
> You probably didn't understand the problem deep enough: content 

I'm one of the maintainers of the MTA which runs a plurality of the MTA
installs out there.  Of course, I have crazy days and moments of pure
stupidity, but in general I have a decent understanding of email.

> scanning hooks, even if implemented, won't help.  To properly 
> reject message at SMTP level you have to check envelope sender, 
> and if you've accepted RCPT TO - it's too late to reject message 
> at DATA stage, as the message might have other valid recipients.
> 
> So the only way to properly check list membership is to check 
> envelope addresses.  Anything else means sending bounces, which is 
> not acceptable nowadays.

Er, the only visible email addresses in nginx.org are for mailing-lists,
I wasn't aware it had user-accounts.  Even so, not a major issue.

So if the poster is a member of one mailing-list but not another, then
you're not back-scattering to unknown addresses; if content-scanning
then deems the message okay, then it's far more acceptable to bounce.

And if folks are cross-posting to many lists but only subscribed to one,
rejecting all of them with a "fix your sender address or don't spam
lists you're not subscribed to" message works well too.  :)  This even
applies for user-accounts: protects from the crazies mailing every
address they can think of.

But yes, I understand the issue and do use RCPT-time checks myself,
after normalisation of the sender address, to work around the fact that
I'm doing something a little dodgy that might break legitimate mail.

Regards,
-Phil



More information about the nginx mailing list