[Avcheck] inclusion / exclusion of envelope recipients

Michael Tokarev mjt@tls.msk.ru
Thu, 10 Jan 2002 17:31:22 +0300


adi wrote:
> 
> >  master.cf:
> >   avcheck ... pipe argv=avcheck -S second_instance:smtp ...
> >
> > i.e. avcheck will contact second instance directly.
> 
> Do you think that avcheck's smtp client is already prepared for
> anticipating *all* of smtp responses (at least with postfix as a
> peer).

Well, sort of.  It does NOT handle ANY unexpected response.
For any unexpected response, avcheck smtp client will exit
with EX_TEMPFAIL. I assumed that mail should be accepted by
the receiving side, or else it's an error in configuration
(modulo temporary receiver errors that must be handled with
EX_TEMPFAIL anyway).

Hmm...  Interesting.  Well, if a "primary" mta accepts mails
for the whole domain (with e.g. postfix's relay_domains), but
the receiving side (another mta on a different host) will reject
one particular address (e.g. for a non-existent address), primary
mta will defer mail and retry.  If the primary mta will talk
to second one directly, mail will be bounced in such a situation.

For the scenario described in this thread, such avcheck's smtp
client behaviour is acceptable: primary mta should reject mails
for non-existent addresses.  Meanwhile, even with a single postfix
instance and with some sort of configuration, mail may be deferred
instead of bounced.  For example:

 virtual:
   example.com  virtual
   @example.com @example.org
(to make example.com synonym for example.org)
 mydestination = example.org

Mail for unknown@example.org will be bounced by postfix's smtpd,
while unknown@example.com will be accepted.  This last one will
then be "deferred by avcheck": when it will talk with postfix to
reinject message back, postfix will reject unknown@example.com
(this is what avcheck will get, after postfix translated original
address).  Solution for this very case is obvious -- remove
example.com from virtual and add it to mydestination.  But there
may be other more complicated cases.  Also, for locally-submitted
mails (via sendmail/postqueue interface), the problem persists
anyway.

This is no problem at all if avcheck runs as content_INSPECTOR,
where mail does not leave postfix.

It may be good to modify avcheck's smtp client to handle all
smtp responses as well, with proper reaction (EX_NOUSER instead
of EX_TEMPFAIL).  Bounces will be *ugly* in such cases, but
the whole system will work correctly.  This will require a far
more intelligent smtp client than avcheck currently has.
Comments?

Another possible issue with avcheck's smtp client is that it
can't handle multiline smtp responses -- for example, initial
welcome message.  Standard postfix does not produce these, but
there are patches that do that.

Other than the above, avcheck's smtp client is robust, it doesn't
matter what program it will talk with while the receiver does
speak smtp (a subset of: minus multi-line responses).

Regards,
 Michael.
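
An added example, not part of the original message and not avcheck's own code: a minimal SMTP reply parser that accepts multi-line responses and maps the result to the sysexits codes discussed above. The function names and the policy (5xx after RCPT TO becomes EX_NOUSER, anything unexpected stays EX_TEMPFAIL) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sysexits.h> /* EX_OK, EX_NOUSER, EX_TEMPFAIL */

/* Parse one complete SMTP reply, single- or multi-line ("220-..." lines
 * followed by a final "220 ..." line).  Returns the 3-digit code, or -1
 * if the reply is malformed, mixes codes, or lacks its final line. */
int smtp_reply_code(const char *buf)
{
    int code = -1;
    while (*buf) {
        const char *eol = strstr(buf, "\r\n");
        if (!eol || eol - buf < 3)
            return -1;
        for (int i = 0; i < 3; i++)
            if (!isdigit((unsigned char)buf[i]))
                return -1;
        int c = (buf[0] - '0') * 100 + (buf[1] - '0') * 10 + (buf[2] - '0');
        if (code != -1 && c != code)
            return -1;               /* every line must carry the same code */
        code = c;
        if (eol - buf == 3 || buf[3] == ' ')
            return code;             /* final line of the reply */
        if (buf[3] != '-')
            return -1;
        buf = eol + 2;               /* continuation line: keep reading */
    }
    return -1;                       /* data ended before the final line */
}

/* Hypothetical policy: a permanent (5xx) reply to RCPT TO means the
 * address does not exist; anything unexpected stays a temporary failure. */
int reply_to_exit(int after_rcpt, const char *reply)
{
    int code = smtp_reply_code(reply);
    if (code >= 200 && code <= 299)
        return EX_OK;
    if (after_rcpt && code >= 500 && code <= 599)
        return EX_NOUSER;
    return EX_TEMPFAIL;
}

int main(void)
{
    /* Constructed sample replies, not captured from a real server. */
    const char *greeting = "220-mx.example.org ESMTP\r\n220 ready\r\n";
    const char *rcpt = "550 5.1.1 <unknown@example.com>: User unknown\r\n";
    printf("greeting -> %d\n", reply_to_exit(0, greeting));
    printf("rcpt     -> %d\n", reply_to_exit(1, rcpt));
    return 0;
}
```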