1. Is the sender required to deliver the message to the same server
(when you have multiple mx records)

That's a good question.  IMHO, it's up to you.  What requirements do you want to impose?

the default I am currently testing with is $client_addr-$f-$rcpt_addr

In some ways, this is a question of state.  As in does each MX have it's
own independent state or is the state shared among them?

Indeed! Currently no shared state, just testing how this develops. I
would like to keep it simple for now.

E.g. does
connecting to the first high priority / low numbered MX count as the
grey list for the second not as high priority / not as low numbered MX
or not?

It is even worse in my setup, with equal priority, a few minutes later
the other mx is being used.

2. Is the sender required to use the same from (eg. no idea if @#$#@
like mailchimp change their from
bounce-mc.us5_10712807.8832082-dfaa67f206@mail154.atl121.mcsv.net)

If we stop and think about things for a moment, why would the SMTP
envelope sender or recipient change in between transmission attempts?

I honestly would not know. I think this is (or going to be) practice of annoying bulk mail providers, to try and get past detection mechanisms. (recipient has to stay the same of course)

As
such, I would think that the envelope addresses SHOULD be the same
across transmission attempts.

From some grep's in the log files this seems to be the case (still).

Now perhaps you are speaking to scoping of the grey listing, as in what constitutes the tuple that is grey listed; sender, recipient(s), sending host?

correct $client_addr-$f-$rcpt_addr is being stored

After many years of grey listing I switched to no-listing (w/ TCP reset) which is stateless on the recipient's end.  It works by pushing the
state into the sending server's end by causing the sender to properly
retry multiple MXs.

I am even receiving spam on mx hosts that I have removed from the dns,
they just archive this info somewhere.

Currently I am trying this setup.

I have my own custom dns bl that is blocking. However some people (even
a bank) is using sendgrid and those emails are now blocked.

So I decided to try and turn the blocking into grey listing, but the
sender is getting a greylist dsn with an api url to the mx host.
Just clicking the link will allow the message go thru on the next attempt.
In time I will just increase the greylist timeout from now 2h to as high
as I do not receive annoying newsletters/spam or what ever.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 4/6/22 8:42 AM, None wrote:

yes the ip address is indeed included as a default/example. I am also questioning if this is acceptable.

I would discourage using the IP (/32 or /128) in the tuple. I'm not
aware of any hint of any requirement that sending systems re-try from
the same IP.

Consider a cluster of systems functioning as an outgoing MX that have a
shared mail spool. Each system would have it's own IP address. As
such, messages could be re-tried from different systems / different IPs.

I think the grey listing systems that I used to use had options to
filter on a netmask to accommodate this type of thing.

I already noticed in my own testing environment that the delivery is
being attempted already a few minutes later on the 2nd mx.

That doesn't surprise me. I don't recall anything beyond a vague recommendation as to how often sending systems should process their
queue, just that they do process their queue. So, a few minutes later
seems to be ... fairly normal.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 4/6/22 8:42 AM, None wrote:

I am even receiving spam on mx hosts that I have removed from the dns,
they just archive this info somewhere.

This seems ... unexpected to me.

Have the former MX hosts been removed from DNS for longer than the TTL
at the time of removal? E.g. is there /any/ chance that what you're
seeing is results of cached DNS queries?

I'd apply some Nyquist frequency mentality and make sure that you wait
/at/ /least/ 2 x the TTL to make sure that's not a problem.

So I decided to try and turn the blocking into grey listing, but the
sender is getting a greylist dsn with an api url to the mx host.
Just clicking the link will allow the message go thru on the next attempt.

I would discourage relying on information from your SMTP delay actually
being surfaced back to the end user. I've found that such information frequently doesn't make it to the end user. Even when it does make it
to the end user, chances are quite good that they will not know what to
do with it.

In time I will just increase the greylist timeout from now 2h to as high
as I do not receive annoying newsletters/spam or what ever.

Two hours seems quite high in my opinion. I think I used 5 - 15 minutes
when I was still using grey listing.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

According to Claus Aßmann <INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org>:

None wrote:

1. Is the sender required to deliver the message to the same server
(when you have multiple mx records)

No, the sender is (in general) required to try all MXs.
That can be fairly annoying if a domain has many MXs and
uses graylisting.

If you have multiple MXes at the same priority, they need to share the greylist database.

2. Is the sender required to use the same from (eg. no idea if @#$#@
like mailchimp change their from
bounce-mc.us5_10712807.8832082-dfaa67f206@mail154.atl121.mcsv.net)

In my experience the envelope doesn't change. For a while I tried a greylister that did 4xx at the end of data and remembered a checksum of the message, and found that some bulk mailers regenerate the message so it has new timestamps.

The much more interesting question is whether you include the client
IP address in your graylisting DB -- because that can change.

Definitely. I find it adequate to fuzz IPv4 addresses to the /24 and v6 to the /64.

Remember that greylisting is not a FUSSP. It's just a way to see whether a mail client
knows how to retry after a soft reject. Once it does that, there's no point in further
greylisting the same source.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

According to Grant Taylor <gtaylor@tnetconsulting.net>:

On 4/6/22 8:42 AM, None wrote:

I am even receiving spam on mx hosts that I have removed from the dns,
they just archive this info somewhere.

This seems ... unexpected to me.

It shouldn't be. For some reason many spambots have hard coded obsolete
lists of MXes built into them. I see a trickle of spam to hosts that
stopped being MXes years ago.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 4/6/22 11:05 AM, John Levine wrote:

If you have multiple MXes at the same priority, they need to share
the greylist database.

I like that distinction / clarification.

For a while I tried a greylister that did 4xx at the end of data
and remembered a checksum of the message, and found that some bulk
mailers regenerate the message so it has new timestamps.

Ew.

It's just a way to see whether a mail client knows how to retry
after a soft reject. Once it does that, there's no point in further greylisting the same source.

I largely agree.

Though I do think that I'd put an upper bound on how long I'd retain
that state. -- I usually had my systems configured such that this
information was volatile and did not persist across daemon invocations.
I found that an additional turn through the grey list once every couple
of months wasn't a problem and didn't noticeably add to the overall
average delay.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

According to Grant Taylor <gtaylor@tnetconsulting.net>:

It's just a way to see whether a mail client knows how to retry
after a soft reject. Once it does that, there's no point in further
greylisting the same source.

I largely agree.

Though I do think that I'd put an upper bound on how long I'd retain
that state. -- I usually had my systems configured such that this >information was volatile and did not persist across daemon invocations.
I found that an additional turn through the grey list once every couple
of months wasn't a problem and didn't noticeably add to the overall
average delay.

Mine ages out after 90 days to keep the file from filling up with obsolete junk. I agree that one extra greylist every few months is not a big deal.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 4/6/22 10:44 AM, John Levine wrote:

It shouldn't be. For some reason many spambots have hard coded
obsolete lists of MXes built into them. I see a trickle of spam to
hosts that stopped being MXes years ago.

On one hand this /really/ surprises me.

Though on the other hand, I can see why they might have hard coded MXs
as an optimization to avoid DNS lookups for large target domains.

I'd be fairly shocked if the hard coded lists of MXs included many
digits of target domains. -- Insert some comment about logarithmic
level of surprise for the number of target domains.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

For a while I tried a greylister that did 4xx at the end of data and
remembered a checksum of the message, and found that some bulk mailers
regenerate the message so it has new timestamps.

Yes I can understand that, I have noticed that spamassassin is starting
to complain about the time/dates in the messages.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

So I decided to try and turn the blocking into grey listing, but the
sender is getting a greylist dsn with an api url to the mx host.
Just clicking the link will allow the message go thru on the next
attempt.

I would discourage relying on information from your SMTP delay actually
being surfaced back to the end user.  I've found that such information frequently doesn't make it to the end user.  Even when it does make it
to the end user, chances are quite good that they will not know what to
do with it.

Currently I am just rejecting the messages if they originate from an ip
in the dns blacklist (most of these emails are crap). Compared to that I
think it is nice to relay back to some real valid users/message an
option to click a link.

If they start complaining, I can say look at the email,
If they do not understand, I can say click the link,
If they do not have the email, then I can say the $f is supposed to be a route-able address, complain to your provider for not maintaining the
standard, make them forward your message.

In my current situation I have not really a solution. Other then to
remove the dns blacklist entry, probably forced to do this for a large
range of ip's, which results in getting more spam from this network.
(in the case of randomized $f, I have already an email whitelist)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

According to None <hzcnjkx656@tormails.com>:

So I decided to try and turn the blocking into grey listing, but the
sender is getting a greylist dsn with an api url to the mx host.
Just clicking the link will allow the message go thru on the next attempt.

That is a bad idea unless you want to find yourself widely blocked.

Most spam has forged return addresses, so you're sending those
challenges to random strangers who never sent you mail and will
correctly interpret your challenges as spam from you, and act
accordingly.

This sort of challenge-response nonsense was somewhat popular 20 years
ago but I thought it was mostly eradicated by now.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 4/7/22 6:43 PM, John Levine wrote:

That is a bad idea unless you want to find yourself widely blocked.

I think that you're talking about something different than my
understanding of what the OP is talking about.

This sort of challenge-response nonsense was somewhat popular 20
years ago but I thought it was mostly eradicated by now.

My understanding is that the OP is returning custom error messages
during the initial SMTP transaction and /NOT/ sending independent challenge-response messages.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

My understanding is that the OP is returning custom error messages
during the initial SMTP transaction and /NOT/ sending independent challenge-response messages.

Indeed, indeed, I was actually wondering if there is a difference in how
4xx errors are being treated (in regards relaying this back to the
sender) Currently I am getting a notification after 4h. While 5xx are
instant.

The alternative would be storing the message locally, sending a 5xx
error with a link to allow the message archived thru.
Although I am clueless on how to re-initiate the process of delivery
from these stored emails. With the greylisting I can just wait for the
sender to solve this for me.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Most spam has forged return addresses, so you're sending those
challenges to random strangers who never sent you mail and will
correctly interpret your challenges as spam from you, and act
accordingly.

This sort of challenge-response nonsense was somewhat popular 20 years
ago but I thought it was mostly eradicated by now.

I was actually thinking the same. However I think currently this option
is getting more available than in the past. You could do this only for
mail received from senders that have valid spf settings for sure -all
but maybe also the ~all.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

According to None <hzcnjkx656@tormails.com>:

Indeed, indeed, I was actually wondering if there is a difference in how
4xx errors are being treated (in regards relaying this back to the
sender) Currently I am getting a notification after 4h. While 5xx are >instant.

Oh, OK. That's shooting yourself in the foot. Approximately nobody
notifies users about 4xx rejections unless they repeat long enough
(days) that the message times out.

The alternative would be storing the message locally, sending a 5xx
error with a link to allow the message archived thru.

I think that's shooting yourself in the other foot. If your rejection
shows up in a person's mailbox, they'll probably think it is a weird
phish and ignore it. But a lot of entirely legit mail does not
come from people, like newsletters and order confirmations for
stuff you've bought. Those 5xx will be seen by nobody and the
mail will just disappear.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 08/04/2022 20:42, John Levine wrote:

According to None <hzcnjkx656@tormails.com>:

Indeed, indeed, I was actually wondering if there is a difference in how
4xx errors are being treated (in regards relaying this back to the
sender) Currently I am getting a notification after 4h. While 5xx are
instant.

Oh, OK. That's shooting yourself in the foot. Approximately nobody
notifies users about 4xx rejections unless they repeat long enough
(days) that the message times out.

Indeed, looks like that. Even error codes about the amount of recipients
being to high are not directly relayed back to the sender.
One would think that such required 'manual' alteration would be notified immediately. But I will try a few others.

The alternative would be storing the message locally, sending a 5xx
error with a link to allow the message archived thru.

I think that's shooting yourself in the other foot. If your rejection
shows up in a person's mailbox, they'll probably think it is a weird
phish and ignore it.

From my experience I can not really conclude people are not reading the
error messages.
Even if, I can't be blamed if someone else is failing to read something.
Next time they read it, when they want to get thru.

But a lot of entirely legit mail does not
come from people, like newsletters and order confirmations for
stuff you've bought. Those 5xx will be seen by nobody and the
mail will just disappear.

Yes that is a really weird concept "I can contact you, but you are not
allowed to contact me". I can't wait for the legislation where the
noreply@... stuff is being banned.

Companies/users that send from spamming networks, I offer ip
whitelisting (when they get dedicated ip), email address (envelope from)
white listing, and now a link in a dsn.
I think that is quite a nice service towards people being cheap sending
via third rate services.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

According to None <hzcnjkx656@tormails.com>:

But a lot of entirely legit mail does not
come from people, like newsletters and order confirmations for
stuff you've bought. Those 5xx will be seen by nobody and the
mail will just disappear.

Yes that is a really weird concept "I can contact you, but you are not >allowed to contact me". I can't wait for the legislation where the >noreply@... stuff is being banned.

Um, you are aware of the difference between the envelope and the
message header, I hope?

Those 5xx rejection messages go to the envelope address. Every
discussion list hosted by Mailman or Sympa or LISTSERV sends the
bounces to a robot that tries to figure out what the problem was and
prune addresses that bounce consistently. Ditto any competent
bulk message or transaction system. That has nothing to do with the
address in the From header to which manual replies would be sent.

Really, you can shoot yourself in the foot if you want, but I can't recommend it.
Greylisting is pretty effective as a way to tell whether you're talking to a real
MTA or a spambot. But that's all it does.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Um, you are aware of the difference between the envelope and the
message header, I hope?

Yes. yes. Currently my reasons for using this are
- envelope should be route-able, from: idk (only skipped a bit through
these rfc's)
- most 'normal' email have an envelope = from:
- spf check results are already available
- automated systems (not made in India) are expecting errors there and
most likely have some sort of exception handling that tries to report
something back (on a web interface).

Those 5xx rejection messages go to the envelope address. Every
discussion list hosted by Mailman or Sympa or LISTSERV sends the
bounces to a robot that tries to figure out what the problem was and
prune addresses that bounce consistently. Ditto any competent
bulk message or transaction system. That has nothing to do with the
address in the From header to which manual replies would be sent.

I will have to test between these two. I am more and more thinking about dumping all the email traffic in something like prometheus/influx, so I
can compare and graph the results better over time.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 4/8/22 1:55 AM, None wrote:

Indeed, indeed, I was actually wondering if there is a difference in how
4xx errors are being treated (in regards relaying this back to the
sender)

That's tricky. On one hand, you've got problems with what the MUA will
surface up from the (failed) SMTP transaction with the MSA to the end
user through the UI. On the other hand, you've got problems with what
sort of DNS / bounce the downstream MTA will return to the purported
envelope sender, combined with how does the MUA display DSNs / bounces
that it recognizes. I've seen both ends of the spectrum of both
failures. In short, you can't rely on anything being remotely usable,
much less understandable by the lay person.

Currently I am getting a notification after 4h. While 5xx are instant.

That makes sense to me. 4xx errors means the server thinks "maybe I can
get the message through later, I should retry before giving up and
telling the boss." Conversely 5xx errors mean the server thinks "I
won't be able to get this message through, I should tell the boss now".

The alternative would be storing the message locally, sending a 5xx
error with a link to allow the message archived thru.

I *STRONGLY* discourage this. Without any form of validation of the
purported SMTP envelope, you are almost certainly going to end up
sending what amounts to spam back to spoofed senders. -- Joe Job and
snow shoe spam come to mind.

Although I am clueless on how to re-initiate the process of delivery
from these stored emails. With the greylisting I can just wait for the
sender to solve this for me.

You can tell Sendmail to process message(s) in the local mail queue
based on different criteria.

There's not much you can do to remote servers sending to you. If you
know which server it is, you could theoretically issue an ETRN for your
domain. But ... that's going to be fraught with problems. -- I've
used ETRN from my primary SMTP server to ask my secondary SMTP server to initiate queue processes after un-wedging something ($MILTER with it's
bits in a jam) on the primary.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 4/8/22 5:55 PM, None wrote:

Indeed, looks like that. Even error codes about the amount of recipients being to high are not directly relayed back to the sender.

It depends on what "amount of recipients being too high" means. It
could be too many recipients for the given message, which I would expect
to cause an immediate permanent 5xx failure. Or it could be "we've seen
too many messages / different recipients from this sending server,
please try again later." which is akin to grey listing and shouldn't
cause an error.

One would think that such required 'manual' alteration would be notified immediately. But I will try a few others.

It depends on what it is. There's a lot of subtlety to it.

From my experience I can not really conclude people are not reading the
error messages.

My experience is that people see /something/ -- it doesn't matter what
it is -- that is not the positive / affirmative result they are used to,
and freeze up or glaze over or otherwise fail to make sense of it.

Years ago I created a text message for a log in script that said:

--8<--
Call the help desk at 7220 and tell them "My computer says it needs to
be scanned." -- This message will no longer pop up after your computer
has been scanned.

8--

Once a month I'd have someone that would stop me while I was out working
on computers saying something like "my computer has this message that
pops up". I'd see what it was and ask them to read it to me. They
would read it without processing it and then ask "what do I need to do".
To which I'd tell them to read it again for the answer to that very
question. We'd go back and forth between one and three times. Usually
it ended with them saying "so I've been putting up with this message for
many months when all I needed to do was to call the help desk and say
one thing?!?!?!" to which I'd say "yes".

Sometimes they'd ask me to fix things while I was there. I'd tell them
that I can't, and that they would need to follow the directions on their screen.

You can lead a horse to water, but you can't make it drink. People have
to want to help themselves.

Even if, I can't be blamed if someone else is failing to read something.

Oh, trust me, you can be blamed.

I ran into all sorts of excuses as to why people didn't read the
message. "It's a computer error...." or "errors are for technicians..."
or the likes.

Next time they read it, when they want to get thru.

Yep.

"Tar is cowardly refusing to create an empty archive."

The reasoning for the error is staring you in the face. But you have to
be able to see past the trees to appreciate the forest.

Yes that is a really weird concept "I can contact you, but you are not allowed to contact me". I can't wait for the legislation where the noreply@... stuff is being banned.

Banning it won't be any more effective than banning spam / viruses /
other computer crime.

I have always believed that each and every noreply@ bull shit is a
missed opportunity. It's relatively easy to encode all sorts of
information about what sent the message using VERP. It's fairly easy to
use a legitimate From: header, VERP like or otherwise. It's
ridiculously simple stupid to use a Reply-To: header to re-direct the inevitable reply to somewhere useful, even if it's just an info@ type positional address that a robot looks at before a human does.

Aside: You can even do something to indicate to the robot that this
message is from someone that has received a message from the company.
If you're smart about it, you can encode information about the message
that the reply is from, thus who the message was sent to that is being
replied to that generated the message that the robot is processing.

Maybe it's just me, but I don't think this is hard by any stretch of the imagination.

noreply@ bull shit is a wasted opportunity.

Companies/users that send from spamming networks, I offer ip
whitelisting (when they get dedicated ip), email address (envelope from) white listing, and now a link in a dsn.
I think that is quite a nice service towards people being cheap sending
via third rate services.

I'll give you kudos to the link in the DSN. Props if the link encodes
details to partially fill out a form. ;-)

Aside: Be careful with the link. Don't obfuscate things. Let people
see what is being sent. It's good will or anti bad will. Also,
authenticate what is sent & comes in so that someone can't get up to
mischief.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 4/9/22 5:46 AM, None wrote:

Yes. yes. Currently my reasons for using this are
- envelope should be route-able, from: idk (only skipped a bit through
these rfc's)

I believe the envelope sender is an opportunity to encode debugging information. E.g. VERP.

I believe that there are other SMTP options that are woefully under
used; ORCPT, notify, etc.

- most 'normal' email have an envelope = from:

Maybe. Don't rely on it.

- spf check results are already available
- automated systems (not made in India) are expecting errors there and
most likely have some sort of exception handling that tries to report something back (on a web interface).

I feel the need to state that there is a big difference in what happens
during the SMTP transaction vs what happens after. Rejecting the
message during the SMTP transaction leaves the responsibility with the
sending system, thus putting it on the hook for undesirable behavior.
Bouncing after accepting a message means that you are on the hook for
the undesirable behavior. -- Focus on what you can influence. Reject
at SMTP time if possible.

I will have to test between these two. I am more and more thinking about dumping all the email traffic in something like prometheus/influx, so I
can compare and graph the results better over time.

I'll take John's statement one step further. I prefer it when the
sending system (CRM et al.) is actually the SMTP client so that it has
/direct/ visibility into things. Sometimes it's possible to learn
/more/ information /faster/ than having things loop through an
intermediate SMTP relay. Especially if the receiving system uses proper
or enhanced status codes.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tuesday, April 12, 2022 at 12:43:55 AM UTC-5, Grant Taylor wrote:

On 4/9/22 5:46 AM, None wrote:

Yes. yes. Currently my reasons for using this are
- envelope should be route-able, from: idk (only skipped a bit through these rfc's)

I believe the envelope sender is an opportunity to encode debugging information. E.g. VERP.

I believe that there are other SMTP options that are woefully under
used; ORCPT, notify, etc.

- most 'normal' email have an envelope = from:

Maybe. Don't rely on it.

- spf check results are already available
- automated systems (not made in India) are expecting errors there and
most likely have some sort of exception handling that tries to report something back (on a web interface).

I feel the need to state that there is a big difference in what happens during the SMTP transaction vs what happens after. Rejecting the
message during the SMTP transaction leaves the responsibility with the sending system, thus putting it on the hook for undesirable behavior. Bouncing after accepting a message means that you are on the hook for
the undesirable behavior. -- Focus on what you can influence. Reject
at SMTP time if possible.

I will have to test between these two. I am more and more thinking about dumping all the email traffic in something like prometheus/influx, so I
can compare and graph the results better over time.

I'll take John's statement one step further. I prefer it when the
sending system (CRM et al.) is actually the SMTP client so that it has /direct/ visibility into things. Sometimes it's possible to learn
/more/ information /faster/ than having things loop through an
intermediate SMTP relay. Especially if the receiving system uses proper
or enhanced status codes.
--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)