Re: Handling mail from mailer daemons

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Fri, 8 Oct 2010 08:47:38 -0700 (PDT)

On Fri, 8 Oct 2010, Alessandro Vesely wrote:
>> DSNs are generated internally; they don't arrive via SMTP, and the
>> SMTP handling code is where the filter hooks are.
>
> When rejections are issued by a handler, it is possible to invoke an
> external program or script instead of passing a simpler piece of data,
> in order to deliver notifications with the desired header. Rejections
> on relaying can be controlled only marginally, IME. But then the
> resulting DSNs should be already "inside", in the sense that no
> independent verifier is supposed to handle them.

The MTA in this case invokes a script in a subprocess to handle some
input. The script rejects the input, exiting with some non-zero status.
The MTA detects this when collecting the stats of the child, and thus
generates the unsigned DSN internally. What you're suggesting would
involve modifying the handling script to generate a DSN on its own such
that it does get handled by signing filters. That seems a large
requirement to impose on all scripts MTAs might invoke.

Perhaps the better thing to do would simply be to disable sending of ADSP
failure reports back when the envelope sender is empty, since there's not
much users can be expected to do about this problem. ADSP can still be
checked and enforced on arrival of the message, but complaining back to
the DSN generator about the failure is currently unactionable noise.
Thoughts?
Received on Fri Oct 08 2010 - 15:48:00 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:49 PST