Thanks Thomas. This would definitely help us give more information to senders who are erroneously rejected. Your recommendation will help to solve the problem at hand! Thank you!
I don't follow why an optional modification to the hard coded 554's would potentially break ASSP, but obviously you do. I'm assuming it's significant enough of a risk that it's not worth it for me to forge on testing code changes? Can you shed some light on that? The 554.x.x reason would stay in place, only the description of it would change like we do for customizing the delay reply. On Thu, May 6, 2021 at 5:24 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > I don't think this is a good idea. Dirk explained one reason (IMHO a minor > one), but there are much more reasons why such things should go another way. > sub seterror is only the surface - changing any currently not configurable > error-reply (eg. 5xx to 4xx or 2xx) may lead in to an unexpected behavior > of assp or the peer. > > My suggestion: > > Anyone who wants to explain blocking reasons should build a public web > page with the explanations (detailed or not - how ever it is wanted). This > web page can also explain how to fix problems, e.g. how to use the > NOTSPAMTAG, encrypt zip files .... > > ASSP will get one new configuration parameter - e.g. > 'addErrorReplyExplanation' > > ------------- > 'addErrorReplyExplanation' > > The text defined here will be added to every permanent SMTP-error-reply > (starting with 5xx) send by assp. For example to add a web link, where > blocking reasons are explained. > e.g.: > - error explanations at https://your.web.domain/block-reasons > <https://your.web.domain/blockedmailreasons> > or > - error explanations at https://your.web.domain/block-reasons > <https://your.web.domain/blockedmailreasons> > ?session=SESSIONID&ip=IPCONNECTED > > The text (and possibly a clickable link) will become visible to blocked > senders in the NDR (No Delivery Report) of the blocked mail. > In the second example the assp session-id and the connected IP-address are > part of the link. The web server can extract the log entries for the mail > from the maillog.txt and can explain much better and/or check the database > for the IP reputation and ... and ... . > If you want to skip this addition for any configurable SMTP-reply, write > the literal NOEXPLAIN at the end of the configured SMTP-reply definition. > The literal will be removed from the reply before it is sent. > ------------- > > These are the advantages of my suggestion: > > - minor code changes > - flexible and more detailed error explanations - possibly in local > language > - much less (than in your suggestion) confusing reply configurations > - keeps hardcoded (and required) 5xx reply codes > - the assp code can force skipping the explanation addition where it is > really not wanted - e.g. AUTH errors > - if someone builds such an explanation web page, it can be shared > > > Thomas > > > > Von: "K Post" <nntp.p...@gmail.com> > An: "ASSP development mailing list" < > assp-test@lists.sourceforge.net> > Datum: 05.05.2021 17:14 > Betreff: [Assp-test] Feature Reqiest: Customizing more of the 554 > 5.7.1 error messages in rejections > ------------------------------ > > > > > Thomas, > First, as requested, I've tried to change the way I generally ask for > features. I hope this is better, helpful, and fully explains my reasoning. > > Just like we can customize the spamError, DelayError, NoValidRecipient, > and other reasons that appear in rejection/delay messages to the sender, I > believe it would be valuable to have additional optional settings to > customize rejection messages in ASSP. This would help legitimate senders > who are erroneously rejected reach out to their IT for the following > reasons: > > 554 5.7.1 Extreme Bad IP Profile > 554 5.7.1 too many different IP's for domain (domain) > 554 5.7.1 too frequent connections for (ip) > 554 5.7.1 too frequent connections for originated IP-address (ip) > 554 5.7.1 too many mails with same subject > > there's also 521 transmission terminated, but I've never encountered that. > > My top priority is the Extreme Bad IP Profile message. Here's why: > We've seen several schools that our charity work with get IP blocked by > ASSP recently, and rightfully so. But there's legitimate senders too using > the same IP space. That then gets our charity calls from the students > asking what Extreme Bad IP Profile is (to which our well intentioned but > non-technical volunteers obviously have no idea). > > Having a message like: > 554 5.7.1 Your message was rejected due to your server's reputation. > Please work with your local email administrator to resolve this issue. > [Mail administrator: Your sender IP is on our blocklist due to previously > observed bad activity.] > would be more clear to the sender, and they'd know to get their IT > involved. If their IT calls us, so be it. > > Even better would be to put the IP address and sender domain into the > already variable message, but that's probably more coding work than it's > worth. > > I tried my hand at editing ASSP code (breaking the code signature) on a > test server to make it so that we can optionally customize the error > messages returned for some of the rejected mails. Something's not right > with the way the GUI prompts for the info, but I think my concept is solid, > there should be no sweat for a perl pro to modify the code, and I believe > it would be a widely valuable change. If you'll only consider this request > if I first get it working, I will press along, but I feel like you'll hate > my sloppy code and will need to rework it anyway. > > > To accomplish what I'm asking for, I believe ASSP would need to be > modified to have optional configuration entries in the GUI for each of the > above 554 error scenarios. > > Then everywhere that there are lines like > seterror( $fh, "554 5.7.1 Extreme Bad IP Profile", 1 ); > (which is only 7 554 locations that aren't customizable already) > > We'd need something like the logic that is already used for delayed > messages: > if ($DelayError) { > > $reply = $DelayError."\r\n"; > } else { > $reply = "451 4.7.1 Please try again later\r\n"; > } > > so something like > > if ($ExtremeBadIPProfileErrorMessage) { > $reply = $ExtremeBadIPProfileErrorMessage ."\r\n"; > } else { > $reply = "451 4.7.1 Extreme Bad IP Profile \r\n"; > } > > Do you think that's a good idea, would it be reasonable to enhance the > code to accomplish this? This wouldn't impact the globalPB right? > and as importantly, are you happier with the way that I asked this > question? > > Thanks > Ken > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
