REJECT-ON-SMTP-DATA (Re: Mail Server best practices - was: Pandora's Box of new TLDs)
justin at justinshore.com
Sat Jul 5 10:50:35 CDT 2008
Jean-François Mezei wrote:
> Blocking messages as early as possible also greatly reduces the load on
> your system, disk storage requirements etc.
Rejecting during the SMTP dialog but before you signal that you've
accepted the DATA output also also pushes the responsibility for sending
a DSN to the sending MTA. It's is a spammer then they'll drop the DSN.
If it's a compromised PC running Storm Worm or the like it won't
generate DSNs anyway. If it's a legit but poorly-configured MTA acting
as an open relay it will generate the DSN and eventually get itself
blacklisted. Sending a DSN to a spoofed envelope From is considered
spam in and of itself and will get an MTA blacklisted. You could always
not send DSNs in which case the sender of a legit message that had a few
to many !!!s in it will not get a bounce and will not know that there
message was blocked. It disappears into an email blackhole. Few things
piss off users like disappearing email.
It's best all around to force the sending MTA to send the bounce. Your
MTA doesn't get blacklisted, spammers' relays are forced to do a little
extra work, and senders of legit mail that's a false-positive get a DSN
telling them that their message didn't go through (and hopefully why).
Everyone wins. Block early and block often.
More information about the NANOG