Re: a few things

Justin Mason 16 Jul 2004 18:59:53 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Daniel Quinlan writes:
> 1. Shouldn't we have Return-Path: higher up on the list of envelope
>    sender headers that are checked in get_envelope_from() ?

Hmm.   Well, the idea is:

    1. if the unusual headers (X-Envelope-From, Envelope-Sender, X-Sender)
    are present and trustworthy, use them
    2. fall back to the RFC-2822 std, Return-Path, which is pretty much
    always present

> I think the
>    heuristic could probably use some work, perhaps look at the top
>    Received: line to determine a priority order for headers.

how would this work?

> 2. ROUND_THE_WORLD - is this still a tflags net test?

Yes, it may need to perform rDNS lookups.

If the S/O is bad, this would be a good candidate to drop, as the
spammer behaviour is no longer prevalent.

> 3. NO_DNS_FOR_FROM is broken ... again.  I've known this has been
>    misdesigned (using the foreground mx() function in Net::DNS) for a
>    while, but the right solution eluded me until now.
> 
>    0.000   0.0000   0.0000    0.500   0.47    1.10  NO_DNS_FOR_FROM
>    0.000   0.0000   0.0000    0.500   0.45    1.10  NO_DNS_FOR_FROM:bzoetekouw
>    0.000   0.0000   0.0000    0.500   0.48    1.10  NO_DNS_FOR_FROM:jm
>    0.000   0.0000   0.0000    0.500   0.47    1.10  NO_DNS_FOR_FROM:parkerm
>    0.000   0.0000   0.0000    0.500   0.46    1.10  NO_DNS_FOR_FROM:quinlan
>    0.000   0.0000   0.0000    0.500   0.49    1.10  NO_DNS_FOR_FROM:rODbegbie
> 
>   I have a patch to fix NO_DNS_FOR_FROM.  1000 ham and spam randomly
>   sampled from my corpus after flushing my bind DNS cache:
> 
>    4.002   8.0000   0.0000    1.000   0.94    0.00 NO_DNS_FOR_FROM
> 
>   In addition to fixing the test and producing good results, the patch:
> 
>     - changes the MX test to use background sockets

oh good.  I think there's other MX tests elsewhere in the code though...

>     - skip_rbl_checks becomes skip_dns_checks, rbl_timeout becomes
>       dns_timeout

+0.5.  Only if the old names remain as synonyms.

We can now support synonyms very easily and efficiently in the Conf code,
and I think we've broken quite enough backwards compatibility in this
release.

>     - check_mx_attempts and check_mx_delay are gone

+1.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFA+CWOQTcbUG5Y7woRAn+aAKDbOeNEFrqN1bPJIMJLgDubFYJQAwCg1TnU
4h1nIvcZASRB4LZJ6tWUeQc=
=DF1t
-----END PGP SIGNATURE-----

Re: a few things

Reply via email to