From: Murray S. K. <ms...@se...> - 2007-12-13 19:48:58
|
On Thu, 13 Dec 2007, Mark Martinec wrote: > The issue is that a reject should not be possible at all, having action > set to 'accept' for all situations, including internal or protocol > failures (-C dns=a,int=a). Well the real problem is that the header size limit doesn't fall into any of the categories covered by "-C". I'll have to add another. > A verifying milter has no right to reject a message if it isn't > explicitly configured for rejection of non-valid messages. Does a receiving MTA have the right to reject a message with properties it considers to be a possible attack attempt? >> The logging though is a little confusing; if mlfi_header() returns >> SMFIS_REJECT, the recovery of the sending MTA should be graceful. > > It gracefully rejects the message. It must not do that. The earlier remarks in this thread (i.e. from Jukka) suggest the rejection may be causing some other mysterious symptoms. |