This is a discussion on Re: R: R: Any mailbox-challenge plugin? - SpamAssassin ; Giampaolo Tomassoni wrote: >> -----Messaggio originale----- >> Da: Matus UHLAR - fantomas [mailto:email@example.com] >> >> ...omissis... >> >> I am really curious how do they behave when there's forged sender and >> both >> MTA's use this. Either they will ...
Giampaolo Tomassoni wrote:
>> -----Messaggio originale-----
>> Da: Matus UHLAR - fantomas [mailto:firstname.lastname@example.org]
>> I am really curious how do they behave when there's forged sender and
>> MTA's use this. Either they will cycle forever (so they will never know
>> either address is OK), or they will stop checking (so the spam will
>> because spammer forged domain with SAV implemented) or the mail (even
>> legitimate!) just will not pass...
>> Once I'll try this on two or more such systems (in parallel!) and see
>> they will DoS each other...
> No, Matus: they don't cycle.
> An MTA willing to check the existence of a sender address would do this
> before its reply after end of DATA (i.e.: after having received the
> message). Instead, an MTA would inform its peer of a non-existent mailbox
> after RCPT-TO (with a 5XX error code), which is well before DATA.
> The checking system need not proceed to DATA in order to check the existence
> of a mailbox, so there is no cycle...
I believe the more direct reason why there wont be a cycle/loop is that:
When doing SAV, the checking host should set its "Mail-From" to "<>".
So, if someone tries to send me a message from email@example.com, and I
were to use SAV (which I don't), then the SAV check should have these
The reason why this shouldn't cause a loop is that RFCs specifically
state that <> a valid Mail-From, and should always be accepted.
Therefore, the other side should never reject (and therefore never
check) the validity of <> as a mail-from.