antispam and RFC status codes

225 views Asked by At

I am running a proxy antispam in my mailserver (ASSP 2.4).

If a remote spammer email is blocked, the antispam permits to configure a reply with a

  • 554 5.7.1 Message blocked due to spam content in the message or
  • by sending a "false" '250 OK' instead of SMTP error code '554 5.7.1'.

Two questions please ;

a) If I use the '250 OK' solution , am I breaking some some rule in the Simple Mail Transfer Protocol (RFC 821 and RFC 5321) ?

b) Which is better and recommended and why ; "554 5.7.1" or "250 OK" ?

Thank you, Graziano

1

There are 1 answers

0
Andrew H On BEST ANSWER

According to section 3.3 of RFC 5321 once you, the receiver, send a 250 OK to the sender it means the reciever has successful stored the message. Further according to section 4.2.4 of RFC 532 responding to <CRLF>.<CRLF> with a positive code (2yx) you accept responsibility for delivery of the message. You can also find that a response of 5yz to the DATA verb is accepted (with a 354) is appropriate when "[...]the server determines that the message should be rejected for policy or other reasons."

So to follow RFC you should likely issue a 5yz response if you determine a message to be spam. But no one polices this. If you configure your mail server to go against RFC you will still receive emails (especailly since you are waiting until the DATA phase to break the protocol, the sender cannot unsend the message).

However if you are willing to classify a message as spam you have then identified someone abusing the SMTP protocol so who cares what you do they are a dirty spammer? What if it is a false positive and the sender thinks you got their email when you in fact did not because you discarded it for being spam? Spam filters are often wrong.

No one is going to come to you and report you for not following SMTP protocol, this is because the RFC's are written to be interpreted. However you should configure your mail server to be some what friendly to a sender who is legitimate but is falsely identified as having sent you spam, so they can communicate the issue to you.