NOTIFY=SUCCESS in Milter

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

NOTIFY=SUCCESS in Milter

Tomas Macek-2
Hello,
I'm trying to get to know, if there is a chance to see in Milter, that the
"NOTIFY=xxx,yyy,zzz" was specified by a client at rcpt to command like
this:


  RCPT TO:<rcpt_to@address> NOTIFY=SUCCESS,FAILURE,DELAY

If there is a chance, where I should find it? Is it supposed to be to seen
in some of those params available in a "envelope recipient filter"
function?

Still none of those macro params has given me the NOTIFY param, I
can see just the recipient address.

Best regards
Tomas

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NOTIFY=SUCCESS in Milter

A. Schulze


Am 03.08.2017 um 07:32 schrieb Tomas Macek:

> I'm trying to get to know, if there is a chance to see in Milter that the "NOTIFY=xxx,yyy,zzz" was specified by a client at rcpt to command

Hello Tomas,

from the milter API Doku:

xxfi_envrcpt:
  ctx Opaque context structure.
  argv Null-terminated SMTP command arguments; argv[0] is guaranteed to be the recipient address. Later arguments are the ESMTP arguments.

The "Later arguments are the ESMTP arguments" is your "hope" ...
but I never tested/used that.

Andreas
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NOTIFY=SUCCESS in Milter

Tomas Macek-2
On Thu, 3 Aug 2017, A. Schulze wrote:

>
>
> Am 03.08.2017 um 07:32 schrieb Tomas Macek:
>
>> I'm trying to get to know, if there is a chance to see in Milter that the "NOTIFY=xxx,yyy,zzz" was specified by a client at rcpt to command
>
> Hello Tomas,
>
> from the milter API Doku:
>
> xxfi_envrcpt:
>  ctx Opaque context structure.
>  argv Null-terminated SMTP command arguments; argv[0] is guaranteed to be the recipient address. Later arguments are the ESMTP arguments.
>
> The "Later arguments are the ESMTP arguments" is your "hope" ...
> but I never tested/used that.
>
> Andreas
>

Hello Andreas,

you are right!

This is a relevant piece from my log:

  mlfi_envrcpt: argv[0] = <[hidden email]>, argv[1] = NOTIFY=SUCCESS,FAILURE,DELAY

So I'm writing a Milter to tackle the spammers my own way!

Thank you!

Tomas
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NOTIFY=SUCCESS in Milter

Matus UHLAR - fantomas
>>Am 03.08.2017 um 07:32 schrieb Tomas Macek:
>>>I'm trying to get to know, if there is a chance to see in Milter that the "NOTIFY=xxx,yyy,zzz" was specified by a client at rcpt to command

>On Thu, 3 Aug 2017, A. Schulze wrote:
>>from the milter API Doku:
>>
>>xxfi_envrcpt:
>> ctx Opaque context structure.
>> argv Null-terminated SMTP command arguments; argv[0] is guaranteed to be the recipient address. Later arguments are the ESMTP arguments.
>>
>>The "Later arguments are the ESMTP arguments" is your "hope" ...
>>but I never tested/used that.

On 03.08.17 14:09, Tomas Macek wrote:
>This is a relevant piece from my log:
>
> mlfi_envrcpt: argv[0] = <[hidden email]>, argv[1] = NOTIFY=SUCCESS,FAILURE,DELAY
>
>So I'm writing a Milter to tackle the spammers my own way!

just for curiosity: under what circumstances are you going to drop NOTIFY
parameters?
because, postfix can do this per sending IP

I'd prefer patch to amavisd-milter if possible ;-)

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NOTIFY=SUCCESS in Milter

Tomas Macek-2
On Thu, 3 Aug 2017, Matus UHLAR - fantomas wrote:

>> > Am 03.08.2017 um 07:32 schrieb Tomas Macek:
>> > > I'm trying to get to know, if there is a chance to see in Milter that
>> > > the "NOTIFY=xxx,yyy,zzz" was specified by a client at rcpt to command
>
>> On Thu, 3 Aug 2017, A. Schulze wrote:
>> > from the milter API Doku:
>> >
>> > xxfi_envrcpt:
>> >  ctx Opaque context structure.
>> >  argv Null-terminated SMTP command arguments; argv[0] is guaranteed
>> >  to be the recipient address. Later arguments are the ESMTP arguments.
>> >
>> > The "Later arguments are the ESMTP arguments" is your "hope" ...
>> > but I never tested/used that.
>
> On 03.08.17 14:09, Tomas Macek wrote:
>> This is a relevant piece from my log:
>>
>>  mlfi_envrcpt: argv[0] = <[hidden email]>, argv[1] =
>>  NOTIFY=SUCCESS,FAILURE,DELAY
>>
>> So I'm writing a Milter to tackle the spammers my own way!
>
> just for curiosity: under what circumstances are you going to drop NOTIFY
> parameters?
> because, postfix can do this per sending IP

Yes, I have found it out too. I wanted to create a Milter removing just
the SUCCESS and/or DELAY and keeping just the FAILURE.

> I'd prefer patch to amavisd-milter if possible ;-)

I'd rather create a new program, I don't like keep up-to-date patches.

Tomas
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NOTIFY=SUCCESS in Milter

Matus UHLAR - fantomas
>On Thu, 3 Aug 2017, Matus UHLAR - fantomas wrote:
>>just for curiosity: under what circumstances are you going to drop NOTIFY
>>parameters?
>>because, postfix can do this per sending IP

On 07.08.17 11:27, Tomas Macek wrote:
>Yes, I have found it out too. I wanted to create a Milter removing
>just the SUCCESS and/or DELAY and keeping just the FAILURE.

this is the default when there'd no NOTIFY= command.
There's no need modifying NOTIFY=, disabling DSN in the smtpd helo reply
does just the same.

>>I'd prefer patch to amavisd-milter if possible ;-)
>
>I'd rather create a new program, I don't like keep up-to-date patches.

sending patches to maintainers can lead to them get accepted and
incorporated in next version. at least publishing them can help much.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NOTIFY=SUCCESS in Milter

Tomas Macek-2
On Mon, 7 Aug 2017, Matus UHLAR - fantomas wrote:

>> On Thu, 3 Aug 2017, Matus UHLAR - fantomas wrote:
>> > just for curiosity: under what circumstances are you going to drop NOTIFY
>> > parameters?
>> > because, postfix can do this per sending IP
>
> On 07.08.17 11:27, Tomas Macek wrote:
>> Yes, I have found it out too. I wanted to create a Milter removing just the
>> SUCCESS and/or DELAY and keeping just the FAILURE.
>
> this is the default when there'd no NOTIFY= command.
> There's no need modifying NOTIFY=, disabling DSN in the smtpd helo reply
> does just the same.

And is it also Postfix's behaviour when it does not advertise the DSN on
ehlo request?

Tomas
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NOTIFY=SUCCESS in Milter

Matus UHLAR - fantomas
>>>On Thu, 3 Aug 2017, Matus UHLAR - fantomas wrote:
>>>> just for curiosity: under what circumstances are you going to drop NOTIFY
>>>> parameters?
>>>> because, postfix can do this per sending IP
>>
>>On 07.08.17 11:27, Tomas Macek wrote:
>>>Yes, I have found it out too. I wanted to create a Milter
>>>removing just the SUCCESS and/or DELAY and keeping just the
>>>FAILURE.

>On Mon, 7 Aug 2017, Matus UHLAR - fantomas wrote:
>>this is the default when there'd no NOTIFY= command.
>>There's no need modifying NOTIFY=, disabling DSN in the smtpd helo reply
>>does just the same.

On 07.08.17 14:42, Tomas Macek wrote:
>And is it also Postfix's behaviour when it does not advertise the DSN
>on ehlo request?

It is the default behaviour when NOTIFY is not specified by the client.

When SMTP server doesn't specify DSN in return to EHLO, the DSN is not
supported, so there's no need for client to specify NOTIFY=

I have no idea how postfix or other MTAs behave when clients ignore that.

However, you can drop them with smtpd_command_filter again - you don't need
milter for this.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NOTIFY=SUCCESS in Milter

Viktor Dukhovni
In reply to this post by Tomas Macek-2
On Mon, Aug 07, 2017 at 11:27:36AM +0200, Tomas Macek wrote:

> Yes, I have found it out too. I wanted to create a Milter removing just the
> SUCCESS and/or DELAY and keeping just the FAILURE.

This is the *wrong* thing to do and a bad idea.  When a legitimate
SMTP envelope requests NOTIFY=SUCCESS the *last* MTA that offers
DSN support that sucessfully delivers or relays the mesasge must
send a success notice.

By promising DSN, but then ignoring NOTIFY=SUCCESS, you'd be denying
the *sending* MTA the opportunity to notify the sender.

The correct solution is to disable DNS in Postfix via

    smtpd_discard_ehlo_keywords = dsn,silent-discard

This also has the effect of refusing MAIL FROM commands that would
attempt to use "NOTIFY=..." despite the lack of DSN support on the
receiving side.

Do not mangle SMTP commands to in ways that violate the protocol
requirements.  Let DSN do its job, and don't offer DSN service
when that's what you want.  My standard advice is to not offer
DSN to strangers at the edge of your network and to ignore DSN
offers from remote servers.

    # Postfix SMTP server instance that only handles inbound traffic
    smtpd_discard_ehlo_keywords = dsn,silent-discard

    # Postfix SMTP client instance that only handles outbound traffic
    smtp_discard_ehlo_keywords = dsn,silent-discard

--
        Viktor.
Loading...