[Assp-test] (denySMTPConnectionsFromAlways)

[Hilario F. S. <ass...@so...>]

I've tried the new 1.6.0 (0.4.07) and it is almost there:

The log now shows the "[SMTP Error] 554 5.7.2 Service denied" 
message. That is good.
But the sending server persists retrying till the timeout.
The same server acknowledges immediately when it receives a 
(SpamError) "554 5.7.1 Mail (SESSIONID) appears to be unsolicited" 
message as a result of a match in (blackListedDomains).
For me it looks like as if ASSP had logged it, but not really sent 
the 554 error (or something like that).
Of course this is just a feeling as I did not check (sniff) the 
packets exchanged by the servers. (and pls excuse my bad English)

All the best

Fochi

=====================================================================================================
I see that a new parameter (DenyError) was introduced.
But I did not see it working yet.
Please let me know if I missed anything or what I should do to enable 
the use of (DenyError).

The lines bellow are the only log files I see for IP blocked by 
denySMTPConnectionsFromAlways

2009-10-28 16:34:41 <> IP 11.11.11.11 (11.11.11.11 redcapemail) 
matches denySMTPConnectionsFromAlways;
2009-10-28 16:34:41 <> 11.11.11.11:59526 strictly denied by 
denySMTPConnectionsFromAlways or droplist: 11.11.11.11 redcapemail;

Thanks,

Fochi
=====================================================================================================
quote "if one doesn't give a heck about RFCs ...  just drop it"

On the opposite, I'm not an expert in RFCs but I think the closest it 
comes to RFC, the best.

In my tests, when I use denySMTPConnectionsFromAlways, I thought I 
should have an immediate return from my external server with the 
failure reason.
But I did not receive any hint that the mail was not delivered. Thus 
I suppose ASSP is just dropping the connection without a 4xx or 5xx 
or whatever.

Thus I just wish that whenever ASSP rejects a connection, it informs 
the offending server that the mail will not be delivered.
(be it 4xx, 5xx or whatever makes sense and adheres to pertinent RFCs)

That way, users that send mails to our beloved ASSP server, will know 
high away that their mail wasn't delivered and take the necessary 
action (for example call our users and ask for whitelist inclusion)

Fochi

==================================================
I am testing (denySMTPConnectionsFromAlways) and noticed that
apparently it does not send a 5xx error message.

In cases where this is a false positive, the unfortunate senders will 
never know their mail did not reach the final destination.

Should it have a parameter were admins could set ASSP to send the 500 
error message for the denySMTPConnectionsFromAlways?

Fochi