How to fake Per-Recipient Data Responses (PRDR)?

mrobti
Hello, short of Per-Recipient Data Responses (PRDR) becoming standard,
may I ask how administrators are faking it? I understand you can
temp-fail all but the first rcpt-to, but how to do this in Postfix? Does
it require a custom milter? Surely there must be a published solution
somewhere?

Re: How to fake Per-Recipient Data Responses (PRDR)?

Kevin A. McGrail
On 10/1/2017 8:15 PM, MRob wrote:
> Hello, short of Per-Recipient Data Responses (PRDR) becoming standard,
> may I ask how administrators are faking it? I understand you can
> temp-fail all but the first rcpt-to, but how to do this in Postfix?
> Does it require a custom milter? Surely there must be a published
> solution somewhere?
I do it in a milter two ways.  One, I temp-fail all but one recipient at
a time which I find problematic or two, I create a new message and
reinject it to the original recipients.  I do this so I can have per
user settings on delivery and spam settings.  DKIM makes this tough.

So I'm interested if you can do this in postfix as well.

Regards,
KAM

Re: How to fake Per-Recipient Data Responses (PRDR)?

Noel Jones-2
On 10/2/2017 10:04 AM, Kevin A. McGrail wrote:

> On 10/1/2017 8:15 PM, MRob wrote:
>> Hello, short of Per-Recipient Data Responses (PRDR) becoming
>> standard, may I ask how administrators are faking it? I understand
>> you can temp-fail all but the first rcpt-to, but how to do this in
>> Postfix? Does it require a custom milter? Surely there must be a
>> published solution somewhere?
> I do it in a milter two ways.  One, I temp-fail all but one
> recipient at a time which I find problematic or two, I create a new
> message and reinject it to the original recipients.  I do this so I
> can have per user settings on delivery and spam settings.  DKIM
> makes this tough.
>
> So I'm interested if you can do this in postfix as well.
>
> Regards,
> KAM



http://www.postfix.org/postconf.5.html#smtpd_recipient_limit




Re: How to fake Per-Recipient Data Responses (PRDR)?

Kevin A. McGrail
On 10/2/2017 11:14 AM, Noel Jones wrote:
> http://www.postfix.org/postconf.5.html#smtpd_recipient_limit 
I don't think we are talking about the same thing.  If I set this to 1,
I would expect a 5xx for an email with more than one recipient. Do you
know for sure?

Regards,
KAM

Re: How to fake Per-Recipient Data Responses (PRDR)?

Noel Jones-2
On 10/2/2017 10:17 AM, Kevin A. McGrail wrote:
> On 10/2/2017 11:14 AM, Noel Jones wrote:
>> http://www.postfix.org/postconf.5.html#smtpd_recipient_limit 
> I don't think we are talking about the same thing.  If I set this to
> 1, I would expect a 5xx for an email with more than one recipient.
> Do you know for sure?
>
> Regards,
> KAM


Yes, for sure. Extra recipients will get a 4xx response.

Note this may *severely* delay deliveries, depending on the sender's
retry policy.  If a message arrives with 100 recipients, the sender
will need to retry 99 times, which will likely take a very long time.



  -- Noel Jones



Re: How to fake Per-Recipient Data Responses (PRDR)?

Kevin A. McGrail
On 10/2/2017 11:47 AM, Noel Jones wrote:
> Yes, for sure. Extra recipients will get a 4xx response.
>
> Note this may *severely* delay deliveries, depending on the sender's
> retry policy.  If a message arrives with 100 recipients, the sender
> will need to retry 99 times, which will likely take a very long time.

Agreed about the delay.  I accept once and reinject internally with a milter so there is no delay and 1 email with 100 recipients becomes 100 emails.  But it's nice to know this option exists because it might be helpful for store and queue internal purposes.  Thanks for pointing it out!

Regards,
KAM

Re: How to fake Per-Recipient Data Responses (PRDR)?

Viktor Dukhovni
In reply to this post by Noel Jones-2

> On Oct 2, 2017, at 11:47 AM, Noel Jones <[hidden email]> wrote:
>
> Note this may *severely* delay deliveries, depending on the sender's
> retry policy.  If a message arrives with 100 recipients, the sender
> will need to retry 99 times, which will likely take a very long time.

It violates SMTP standards.  Interoperable SMTP servers are required
to accept up to 100 recipients per envelope (message delivery).

Do not cripple SMTP.  Make sure your anti-abuse measures do not impede
legitimate email.  Avoid techniques that impose behaviour changes on
legitimate email senders.

--
        Viktor.


Re: How to fake Per-Recipient Data Responses (PRDR)?

Matus UHLAR - fantomas
In reply to this post by Kevin A. McGrail
>On 10/2/2017 11:47 AM, Noel Jones wrote:
>>Yes, for sure. Extra recipients will get a 4xx response.
>>
>>Note this may *severely* delay deliveries, depending on the sender's
>>retry policy.  If a message arrives with 100 recipients, the sender
>>will need to retry 99 times, which will likely take a very long time.

On 02.10.17 12:03, Kevin A. McGrail wrote:
>Agreed about the delay.  I accept once and reinject internally with a
>milter so there is no delay and 1 email with 100 recipients becomes
>100 emails.  But it's nice to know this option exists because it
>might be helpful for store and queue internal purposes.  Thanks for
>pointing it out!

What about rejected e-mail? Do you generate bounces or simply drop them?
--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Windows found: (R)emove, (E)rase, (D)elete

Re: How to fake Per-Recipient Data Responses (PRDR)?

Matus UHLAR - fantomas
In reply to this post by Viktor Dukhovni
>> On Oct 2, 2017, at 11:47 AM, Noel Jones <[hidden email]> wrote:
>>
>> Note this may *severely* delay deliveries, depending on the sender's
>> retry policy.  If a message arrives with 100 recipients, the sender
>> will need to retry 99 times, which will likely take a very long time.

On 02.10.17 12:09, Viktor Dukhovni wrote:
>It violates SMTP standards.  Interoperable SMTP servers are required
>to accept up to 100 recipients per envelope (message delivery).
>
>Do not cripple SMTP.  Make sure your anti-abuse measures do not impede
>legitimate email.  Avoid techniques that impose behaviour changes on
>legitimate email senders.

Agreed. However, I know one legitimate reason to do this:
accept spam on the abuse@ mailbox (it may be a spam report), while refusing it for others.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Silvester Stallone: Father of the RISC concept.

Re: How to fake Per-Recipient Data Responses (PRDR)?

Viktor Dukhovni

> On Oct 3, 2017, at 1:22 PM, Matus UHLAR - fantomas <[hidden email]> wrote:
>
> Agreed. However, I know one legitimate reason to do this:
> accept spam on the abuse@ mailbox (it may be a spam report), while refusing it for others.

Sure, you can indeed force mail to "abuse@" and/or "postmaster@" into
a separate envelope from all other recipients, by tempfailing these
at "RCPT TO" if any other recipients have been accepted, and tempfailing
all other recipients after these have been accepted.

Such a policy does not overly fragment multi-recipient messages, and if
you have multiple MX hosts, will typically just cause the rest of the
envelope to be accepted (or rejected) in its entirety when retried at
the next alternate MX.

This does not require PRDR, just tempfail mixtures of spam-lover and
spam-hater recipients in the same envelope, but only works if you have
just two recipient classes, any more, and it starts becoming unreliable
and too costly for legitimate senders.

--
        Viktor.
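
Added example, not part of the thread and not code from any poster or from Postfix: the two-class envelope split described in the last message, written as the decision logic of a Postfix policy delegation service (`check_policy_service`) that correlates RCPT requests through the `instance` attribute. The `SPAM_LOVERS` set, the reply text, and the premise that this check is the last recipient restriction (so `DUNNO` means the recipient ends up accepted) are assumptions.

```python
# Two-class RCPT TO splitting for a Postfix policy delegation service.
# Assumptions (not from the thread): SPAM_LOVERS, the reply text, and that
# this check runs last, so DUNNO here means the recipient is accepted.

SPAM_LOVERS = {"abuse", "postmaster"}   # local parts that want unfiltered mail
TEMPFAIL = "DEFER_IF_PERMIT Please retry this recipient in a separate transaction"

# instance id -> class of the recipients accepted so far in that delivery.
# A real service would expire old entries; omitted here for brevity.
_sessions = {}


def parse_request(text):
    """Parse one policy request: name=value lines terminated by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def recipient_class(address):
    """Classify a recipient by its local part, case-insensitively."""
    local = address.rsplit("@", 1)[0].lower()
    return "lover" if local in SPAM_LOVERS else "hater"


def decide(attrs):
    """Return the access(5) action for one parsed request."""
    if attrs.get("protocol_state") != "RCPT":
        return "DUNNO"
    cls = recipient_class(attrs["recipient"])
    # The first recipient fixes the envelope's class; the other class is
    # tempfailed so the sender retries it as a separate envelope.
    accepted = _sessions.setdefault(attrs["instance"], cls)
    return "DUNNO" if accepted == cls else TEMPFAIL


def handle(text):
    """Reply as sent back to Postfix: one action line plus a blank line."""
    return "action=%s\n\n" % decide(parse_request(text))
```

Because only two classes exist, an envelope is split at most once, which is the property the message above relies on to keep the cost to legitimate senders low.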