Ryan Castellucci :nonbinary_flag:
Somehow, yesterday I experienced a new form of email nonsense. Someone claimed they were replying to my emails, and able to send without apparent issue, except... my server logs show nothing.
I even checked the pcap ring buffer. Nary a SYN from their server IPs.
Wat!?
Ryan Castellucci :nonbinary_flag:
Silently discarding email is an awful, awful thing to do.
Ideally, reject before accepting it, but if you can't do that, at least send a bloody bounce message.
Kevin Bowrin ☕
@ryanc 🫡 good luck debugging that one!
Ryan Castellucci :nonbinary_flag:
@kevinbowrin I mean, there's fuckall I can do without convincing a government IT department to send me logs, which, 🤣
Bill
@ryanc That's direct violation of 5321 isn't it?
Ryan Castellucci :nonbinary_flag:
@Sempf Yeah. So? Lots of domains bounce postmaster@
Bill
@ryanc That's a good point.
Royce Williams
@Sempf @ryanc
It's been awhile since I was in the daily email game, but I assume blowback is still a non-trivial problem, such that silent discard, despite non-compliance, might sometimes be preferable to innocent bystanders receiving blowback? But deciding when to do that must be complicated ...
Ryan Castellucci :nonbinary_flag:
@tychotithonus @Sempf rejection at smtp transaction time does not cause backscatter
Royce Williams
@ryanc @Sempf That works fine when there are only two SMTP servers involved, but what happens when it is multi-hop?
Ryan Castellucci :nonbinary_flag:
@tychotithonus @Sempf if they can't be bothered to decide whether they're going to accept it at that time 🖕
Ryan Castellucci :nonbinary_flag:
@tychotithonus @Sempf hold the connection while validating at the next hop
(this is a bit ideological)
Ryan Castellucci :nonbinary_flag:
@tychotithonus @Sempf being less extreme, it's pretty safe to send a bounce if SPF and DKIM validate
Royce Williams
@ryanc @Sempf I mean, I get that, but in the meantime the blowback still hits the innocent non-sender. As a troubleshooter, I 100% hated silent discard, but as a spam fighter from back in the day, never doing that produced a whole bunch of busy work and harm that was impossible to work around otherwise. (Rejecting early in the connection was of course ideal!). But I've been out of this game for more than a decade ...
Royce Williams
@ryanc @Sempf Yeah, that's definitely an angle that wasn't as available to me back then. If past me it was working this, I would 100% be looking for a milter that did that!
Ryan Castellucci :nonbinary_flag:
@tychotithonus @Sempf the cursed thing here is that the sending side is silently discarding it
Ryan Castellucci :nonbinary_flag:
@Sempf @tychotithonus do you need a hug?
Bill
@tychotithonus @ryanc I have learned more about SMTP in this conversation then I have in 25 years of fucking with it.
Bill
@ryanc @tychotithonus No, just a brain.
Ryan Castellucci :nonbinary_flag:
@erik @Sempf @tychotithonus I've forgotten more about HTTP than most people will ever know...
Erik Ableson
@Sempf @tychotithonus @ryanc is that what happens when you hit the age of the port number? Remind me to die before I hit 80 years old...
Bill
@ryanc @erik @tychotithonus I was gonna say, I spend most of my time at 443 so I'm probably ok there.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.