On Wed, Jan 07, 2004 at 12:57:52PM -0700, Jason R. Mastaler wrote: > Gerrit Pape <[EMAIL PROTECTED]> writes: > > Anyway, whoever is interested in how qconfirm implements a delivery > > confirmation process, and automatically responding to requests, with > > just using the envelope, mail address extensions, the Message-ID, > > and the Reply-To: or From: field from the header, can install it on > > a test system. > > How about if you setup a qconfirm test account that people can use for > testing purposes? This is what I've done with [EMAIL PROTECTED]
Good idea, I'll do so. But unfortunately this doesn't provide testing of automatic confirmation of outgoing messages. > > But a TMDA confirmation request message already contains all > > information needed to reliably identify a request and act > > accordingly, so there's not necessarily the need for the special > > Message-ID. I plan to implement automatic confirmation of TMDA > > challenges this way in qconfirm. > > Before you implement this, you might want to run the criteria you are > using to identify a TMDA confirmation request past this list, as it > might be tricker than you think. The good thing is that if my program fails to identify a confirmation request, it doesn't hurt much, the request simply is delivered, and the user needs to confirm manually. This is my plan to identify and verify a TMDA delivery confirmation request after looking at the envelope and reading the headers: 1. check for the envelope sender address to be empty 2. extract the recipient of the original (challenged) message from the envelope recipient (qconfirm uses a kind of per-recipient VERP for outgoing mail, and TMDA correctly sends requests to the envelope sender) 3. ensure that the References: or In-Reply-To: fields contain a Message-ID that has been created for a message to the recipient determined in 2. (protects against forgery) 4. check for the existence of a X-Delivery-Agent: TMDA/* header field 5. check that the address found in Reply-To: (or if absent From:) has the same domain part as the original recipient determined in 2., and the same local part with some extension If all the checks are successful, a message is sent to the address found in Reply-To: (or if absent From:), with a nice informative note, and the delivery confirmation request message included. This is somewhat more complicated than just checking the Message-ID and the original recipient, but should work in my opinion. I very appreciate your corrections and/or comments. Thanks, Gerrit. -- Open projects at http://smarden.org/pape/. _________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
