[ https://issues.apache.org/jira/browse/JAMES-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17609897#comment-17609897 ]
ouvtam commented on JAMES-3820:
-------------------------------

> Can empty sender be used to relay emails with James while being
> unauthenticated? (this would be bad, for sure... I am unsure such a corner
> case is tested...)

As far as I know empty senders are allowed on bounces, so if you relayed a mail to the next MTA and then you receive a bounce message from this MTA. The best you can do is generate an ephemeral bounce ID (e.g. stored in Redis) before relaying a mail. When a bounce happens you can check if the bounce ID exists and relay the bounce message. Otherwise reject the bounce.

> Maybe as an admin I would need an option to require a proper MAIL FROM
> explicitly?

I would be interested what you have seen in the wild so far when operating an MSA. Do you have any statistics about AUTH with/without MAIL FROM? According to RFC you start an SMTP session (including AUTH). Then you can do as many transactions as you want, each starting with a MAIL FROM.

Because being too strict can also hurt deliverability in the wild west of mailing :/

> DNS Blocklist: implement DNSRBLHandler as MailHook instead of RcptHook
> ----------------------------------------------------------------------
>
>                 Key: JAMES-3820
>                 URL: https://issues.apache.org/jira/browse/JAMES-3820
>             Project: James Server
>          Issue Type: Improvement
>          Components: SMTPServer
>            Reporter: ouvtam
>            Priority: Minor
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> At the moment the DNSRBL handler
> (org.apache.james.protocols.smtp.core.fastfail.DNSRBLHandler) is implemented
> as a RcptHook. Thus, for every RCPT TO call this handler will be called and a
> blocklist lookup will be issued.
> One can argue it makes sense to implement the handler as a ConnectHandler, so
> the blocklist check is done as early as possible. However, if SMTP AUTH is
> successful then we should allow the connecting client anyway.
> Therefore it makes sense to implement the DNSRBL handler at MAIL FROM stage
> that is MailHook.
> One exception is the following. According to [RFC
> 4954|https://datatracker.ietf.org/doc/html/rfc4954#section-5], authentication
> information can optionally be provided as ESMTP AUTH parameter with a _single_
> value in the '{{MAIL FROM:}}' command.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
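
The hook-stage choice from the issue description, as an added Python model (not James code and not written by anyone in the thread): it counts blocklist lookups when the check runs per RCPT TO versus once at MAIL FROM, and skips it after SMTP AUTH. `Session`, `fake_resolver`, the zone `dnsbl.example`, the addresses and the reply strings are constructed assumptions; the IPv6 nibble reversal goes beyond what the issue text covers.

```python
import ipaddress

def dnsbl_query_name(client_ip, zone):
    """Reversed IPv4 octets (or IPv6 nibbles) followed by the blocklist zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))
    else:
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

LISTED = {"10.2.0.192.dnsbl.example"}  # constructed blocklist content

def fake_resolver(name):
    """Offline stand-in for the DNS A-record query; True means 'listed'."""
    return name in LISTED

class Session:
    """Hypothetical model of one SMTP session; stage is 'MAIL' or 'RCPT'."""
    def __init__(self, client_ip, resolver, zone, stage):
        self.client_ip, self.resolver = client_ip, resolver
        self.zone, self.stage = zone, stage
        self.authenticated = False
        self.in_transaction = False
        self.lookups = 0

    def _listed(self):
        if self.authenticated:  # SMTP AUTH succeeded: allow the client anyway
            return False
        self.lookups += 1
        return self.resolver(dnsbl_query_name(self.client_ip, self.zone))

    def mail_from(self, sender):
        if self.stage == "MAIL" and self._listed():
            return "550 client listed"  # constructed reply text
        self.in_transaction = True
        return "250 OK"

    def rcpt_to(self, rcpt):
        if not self.in_transaction:
            return "503 need MAIL first"
        if self.stage == "RCPT" and self._listed():
            return "550 client listed"
        return "250 OK"

def count_lookups(stage, authenticated, n_rcpt):
    """Run one transaction with n_rcpt recipients; return (lookups, replies)."""
    s = Session("192.0.2.10", fake_resolver, "dnsbl.example", stage)
    s.authenticated = authenticated
    replies = [s.mail_from("sender@example.org")]
    replies += [s.rcpt_to(f"user{i}@example.net") for i in range(n_rcpt)]
    return s.lookups, replies
```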