option forced-discard-nok

Vernon Schryver vjs@calcite.rhyolite.com
Mon Aug 7 03:01:59 UTC 2006

Has anyone running dccm tried "option forced-discard-nok" in 
/var/dcc/whiteclnt?  Would anyone object if it were the default?

That option tells dccm to compare per-user whiteclnt files for recipients
for a message and temporarily (4yz) reject second and subsequent
recipients whose white- or blacklist settings might yield different
results for the message.

The underlying problem is in the SMTP protocol.  If an SMTP server
accepts two (or more) recipients with Rcpt_To commands, then at the
end of the transaction, the server must accept or reject the message
for both recipients.  If one recipient's white- and blacklist settings
says the message should be rejected while the other's say it should
be accepted, then the SMTP server is stuck.  The least bad choice is
for the server to tell the SMTP client it is accepting the message for
deliver for both recipients, deliver it to the recipient that wants
it, and discard the message for the recipient whose settings say it
it spam.  The problem with this tactic is false positives.  The message's
sender has no way of knowing that the message was not delivered to one
of the recipients.

Another tactic is to try to detect situations when the recipients'
setting might give contradicting answers, and temporarily reject
the second recipient.  There are two problems with this tactic.  It
slows down mail.  There are may be some bad SMTP clients that don't
retry temporary rejections correctly, despite the fact that these
temporary rejections look the same as an SMTP server that has been
given too many recipients in a single gulp.

If you don't use dccm with per-user whiteclnt files or with env_to
entries in the main whiteclnt file, then there cannot be conflicting
answer and this does not matter to you.

I've been running with "option forced-discard-nok" since May, and
have not seen any problems.

Vernon Schryver    vjs@rhyolite.com

