Precedence between whitelisting and badrcptto?

[salvis]

https://github.com/smtpd/qpsmtpd/commit/57a0e4ba7b7de1cd3716f871190bee576f694f43 added whitelisting support to badrcptto with the call to $self->is_immune(). Is that useful? What are the use cases for badrcptto? I have two:

1. Close a mailbox because the addressee has disappeared (e.g. an employee who quit).
2. Close a mailbox because it's receiving too much junk.

The unique advantage of badrcptto is that it supports a custom message to inform the sender of why the mailbox is not working anymore, and possibly to give one or more alternative addresses. The basic premise is that we want to completely shut down that mailbox.

Unfortunately, whitelisting defeats the purpose, because it allows mail from whitelisted senders to go through, so (#1) they never see the message that we wanted to show to them, especially to legitimate senders, and (#2) junk comes through again.

My reason for bringing this up is receiving a piece of spam (in the catch-all mailbox) from yahoo.co.jp (which is whitelisted in list.dnswl.org via the dns_whitelist_soft plugin) for an account listed in badrcptto.

If we say "this rcptto is bad!", is there a use case for allowing a whitelisted host or sender to get through anyway?

Hans

[msimerson]

I'm inclined to agree that overriding badrcptto is not a great idea. If the RCPT TO address is listed in badrcptto, then it should always be blocked.