[
https://issues.apache.org/jira/browse/JAMES-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17609897#comment-17609897
]
ouvtam commented on JAMES-3820:
-------------------------------
> Can empty sender be used to relay emails with James while being
>unauthenticated? (this would be bad, for sure... I am unsure such a corner
>case is tested...)
As far as I know empty senders are allowed on bounces, so if you relayed a mail
to next MTA and then you receive a bounce message from this MTA. The best you
can do is generate an ephemeral bounce ID (e.g. store in redis) before relaying
a mail. When a bounce happens you can check if the bounce ID exists and relay
the bounce message. Otherwise reject the bounce.
> Maybe as an admin I would need an option to require a proper MAIL FROM
> explicitly ?
I would be interested what you have seen in the wild so far when operating an
MSA. Do you have any statistics about AUTH with/without MAIL FROM? According to
RFC you start a SMTP session (including AUTH). Then you can do as many
transactions as you want, each starting with a MAIL FROM.
Because being to strict can also hurt deliverability in the wild west of
mailing :/
> DNS Blocklist: implement DNSRBLHandler as MailHook instead of RcptHook
> ----------------------------------------------------------------------
>
> Key: JAMES-3820
> URL: https://issues.apache.org/jira/browse/JAMES-3820
> Project: James Server
> Issue Type: Improvement
> Components: SMTPServer
> Reporter: ouvtam
> Priority: Minor
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> At the moment the DNSRBL handler
> (org.apache.james.protocols.smtp.core.fastfail.DNSRBLHandler) is implemented
> as a RcptHook. Thus, for every RCPT TO call this handler will be called and a
> blocklist lookup will be issued.
> One can argue It makes sense to implement the handler as a ConnectHandler, so
> the blocklist check is done as early as possible. However, if SMTP AUTH is
> successful then we should allow the connecting client anyway.
> Therefore it makes sense to implement the DNSRBL handler at MAIL FROM stage
> that is MailHook. One exception is the following. According to [RFC
> 4954|https://datatracker.ietf.org/doc/html/rfc4954#section-5], authentication
> information can optionally provided as ESMTP AUTH parameter with a _single_
> value in the '{{{}MAIL FROM:{}}}' command.
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
