On Fri, Jun 10, 2005 at 03:25:35PM +1200, Jeremy Bowen wrote: > On Friday 10 June 2005 2:02 pm, Aecio F. Neto wrote: > > It is legitimate to bounce messages, according to SMTP RFC. It is not > > qmail only that bounces, but all MTAs that follows this RFC (sorry, I > > don't recall its number right now). > > We're all happy to discard viruses without bouncing them.
Most of us. Antivirus companies, for examples, aren't. There is however issues with false positives. Do you have antivirus that is 100% correct all the time ? Didn't think so... > We're even OK with the idea of discarding SPAM without notifying the > "sender". Pretty much most of us, yes.. However, false positives in antispam tools are much higher than with viruses... So it comes to the question how much regular mail are you prepared to lose ? For some, the answer is pretty high (for you, it might be acceptable to lose 1 legit mail out of 100 if that means end of spam and viruses). For some, pretty low. For some, NONE AT ALL. And then, in some contries, there are legal issues. For example, for ISP to carry e-mail without filtering, it is awarded "common carrier" status and is not responsible for it's content. As soon as they starts doing content filtering (to determine a spam for example) they be lose common carrier status and BECOME LEGALLY RESPONSIBLE for ALL the content (for example: you allowed this e-mail which contains copyright infridgement to be downloaded, so we're holding you responsible). Yes, some laws (most of those that deal with so-called "Intellectual Property" for example) are incredibly stupid, I won't argue that :) > It's not hard to conclude that bouncing in these two cases is utterly wrong, > despite what the RFCs may say. You see, if mail is not delivered (due to false positive for example), some people INSIST on getting feedback on that. Funny them, but they probably don't get all the bounces that you do :-) > If you accept the above, we've now all accepted that it is OK to discard > certain types of email without notifying the sender. I do not accept, for example. Having to call recepient by phone to ask him if he actually received the e-mail every time I send e-mail is completely unnaceptible to me. I might as well put stuff on the web and ask him by phone to check it, and give up on e-mail completely. > I have a problem with the idea that an MTA knowingly accepts mail that it > cannot handle. In this day and age, a whole lot of issues could be solved if > it was to "reject" instead of "accept & bounce". Yes, unpatched qmail is not suitible for this age. It has great qualities (security), but also some big problems (due to design unfortunatelly: like accepting all mail for domain without checking recepients) Anyway - you simply want qmail to do something that it's design precludes it from doing (qmail-smtpd simply does not have PERMISSIONS to check weather the recepient exists. It was made that way because of security issues - any bug in SMTP code won't give attacker control of your system). > > Spamcop even blocks servers that provide bounces, legitimate or not. > So it's not just me that has issues with this behaviour :-) No. Many people have. Many of them are dropping qmail (and going to postfix or such) or patching it heavily. > Once upon a time we all lived in caves. If qmail wants to live in the past, > far be it from me to change the official religion. It seems it does. Either that or that DJB is dead for long time now but they are hiding it from us :-) -- Opinions above are GNU-copylefted. ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20 _______________________________________________ Qmail-scanner-general mailing list Qmail-scanner-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
