Accept email with 5xx status code

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Accept email with 5xx status code

Pali Rohár
Hello, it is possible to accept emails with 5xx status code?

Why such behavior? I want to return 5xx status codes when email is
reject (to prevent sending bounces), but I would like to store copy of
rejected emails in case some inspection would be needed in future.
Storing copy of those emails into one "shared" mailbox is enough (no
need to properly deliver these emails into local accounts).

I have configured spamassassin via milter, so if spamd mark email as
spam, then postfix reject it via 5xx status code and does not produce
any bounce. Similarly, I have configured some header_checks for
rejecting emails to prevent generating bounces.

--
Pali Rohár
[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Accept email with 5xx status code

Wietse Venema
Pali Roh?r:
> Hello, it is possible to accept emails with 5xx status code?

By replying with 5XX after SMTP end-of-data.

        Wietse

> Why such behavior? I want to return 5xx status codes when email is
> reject (to prevent sending bounces), but I would like to store copy of
> rejected emails in case some inspection would be needed in future.
> Storing copy of those emails into one "shared" mailbox is enough (no
> need to properly deliver these emails into local accounts).
>
> I have configured spamassassin via milter, so if spamd mark email as
> spam, then postfix reject it via 5xx status code and does not produce
> any bounce. Similarly, I have configured some header_checks for
> rejecting emails to prevent generating bounces.
>
> --
> Pali Roh?r
> [hidden email]
>
Reply | Threaded
Open this post in threaded view
|

Re: Accept email with 5xx status code

Bill Cole-3
In reply to this post by Pali Rohár
On 16 Jan 2019, at 4:15, Pali Rohár wrote:

> Hello, it is possible to accept emails with 5xx status code?
>
> Why such behavior? I want to return 5xx status codes when email is
> reject (to prevent sending bounces), but I would like to store copy of
> rejected emails in case some inspection would be needed in future.
> Storing copy of those emails into one "shared" mailbox is enough (no
> need to properly deliver these emails into local accounts).

Warning: this is a tactic that many people believe that they want before
they have implemented it but never actually use once it has been
implemented.

For example, I ran a system with that sort of "quarantine" for ~5000
business users for 5 years where no user ever touched it or asked for
help with its very clear and accessible documentation.

> I have configured spamassassin via milter, so if spamd mark email as
> spam, then postfix reject it via 5xx status code and does not produce
> any bounce. Similarly, I have configured some header_checks for
> rejecting emails to prevent generating bounces.

If you can make that milter save the message but tell Postfix to reject
it, your problem is solved. I do this with the MIMEDefang milter on a
limited basis on a small system solely to have samples of the spam which
I reject for research purposes.

I do not believe that it is possible to make header_checks both reject
the message and save a copy of it.
Reply | Threaded
Open this post in threaded view
|

Re: Accept email with 5xx status code

Pali Rohár
In reply to this post by Wietse Venema
On Wednesday 16 January 2019 07:21:49 Wietse Venema wrote:
> Pali Roh?r:
> > Hello, it is possible to accept emails with 5xx status code?
>
> By replying with 5XX after SMTP end-of-data.

And how to configure it? In postconf.5 I do not see anything which could
be used for this purpose.

--
Pali Rohár
[hidden email]

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Accept email with 5xx status code

Wietse Venema
Pali Roh?r:

Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> On Wednesday 16 January 2019 07:21:49 Wietse Venema wrote:
> > Pali Roh?r:
> > > Hello, it is possible to accept emails with 5xx status code?
> >
> > By replying with 5XX after SMTP end-of-data.
>
> And how to configure it? In postconf.5 I do not see anything which could
> be used for this purpose.

smtpd_end_of_data_restrictions (default: empty)
       Optional access restrictions that the Postfix SMTP  server  applies  in
       the  context of the SMTP END-OF-DATA command.  See SMTPD_ACCESS_README,
       section "Delayed evaluation of SMTP access  restriction  lists"  for  a
       discussion of evaluation context and time.
Reply | Threaded
Open this post in threaded view
|

Re: Accept email with 5xx status code

Matus UHLAR - fantomas
In reply to this post by Pali Rohár
>> Pali Roh?r:
>> > Hello, it is possible to accept emails with 5xx status code?

>On Wednesday 16 January 2019 07:21:49 Wietse Venema wrote:
>> By replying with 5XX after SMTP end-of-data.

On 20.01.19 17:36, Pali Rohár wrote:
>And how to configure it? In postconf.5 I do not see anything which could
>be used for this purpose.

what exactly do you want to achieve? If you want to store mail but pretend
it has been rejected (5xx code), postfix does not support this and you must
do this outside of postfix.
--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #99999: Out of error messages.
Reply | Threaded
Open this post in threaded view
|

Re: Accept email with 5xx status code

Wietse Venema
Matus UHLAR - fantomas:
[ Charset ISO-8859-2 converted... ]

> >> Pali Roh?r:
> >> > Hello, it is possible to accept emails with 5xx status code?
>
> >On Wednesday 16 January 2019 07:21:49 Wietse Venema wrote:
> >> By replying with 5XX after SMTP end-of-data.
>
> On 20.01.19 17:36, Pali Roh?r wrote:
> >And how to configure it? In postconf.5 I do not see anything which could
> >be used for this purpose.
>
> what exactly do you want to achieve? If you want to store mail but pretend
> it has been rejected (5xx code), postfix does not support this and you must
> do this outside of postfix.

For example, save the content with an SMTP-based content filter,
or with a milter.

        Wietse