On Wed, Oct 28, 2015 at 02:40:57PM -0400, Ted Lemon wrote:

> > Most of the time, on properly configured receiving systems, errors
> > are already synchronous.
>
> This is almost never the case. Sure, if you send mail to a RCPT TO: that
> fails, then you can get immediate notification, but rejection of attachments
> generally happens after the mail has been accepted and queued.

You're clearly sending mail to poorly operated systems, likely to
systems where the attachments are rejected somewhere other than at
the edge MX host. Such systems should not be rejecting the
attachments, it is too late for that, once it crossed the line from
"outbound" to "inbound". The systems in question need to apply
their attachment policy closer to the "edge", i.e. at the first
inbound hop.

> In order to _bounce_ a message based on content, you need to evaluate it
> before sending the "250 Message Accepted response." There is a valid
> code for that, which I don't remember off the top of my head, but I don't
> know of any MTAs that use it.

The SMTP reply code and DSN code SHOULD be correct, but are not
especially critical. Any 5XX 5.N.M code will have the effect of
synchronously rejecting the message. Postfix has header/body checks
that reject based on content, and supports milters and proxy filter
that can do the job out of process. The reply for bad content in
Postfix defaults to "550 5.7.1 message content rejected".

> The point is that it is possible following the current specs to deliver
> an immediate response in the majority of cases, but that isn't being done,

Well it is being done, and Postfix users are strongly encouraged to
do so whenever backscatter is discussed on the users list. Systems
where content inspection happens after mail is queued, and unwanted
content triggers bounces are misconfigured.

> and furthermore MUAs aren't expecting it, and so probably won't give the
> user a message that explains to them why the message was rejected. This
> is an entirely solvable problem, but it is not a solved problem.

I await patches for Postfix and your favourite MUA that solve this
"entirely solvable" problem.

MUAs are a very different issue. The MSA should generally accept
and bounce back to the authenticated user, this is fine, because
the MSA authenticates the client. MUAs are often not able to deal
with rejection at submission time, especially rejection for a subset
of the recipients. Nor is it possible for the MSA to synchronously
report remote rejects from (some subset of) the receiving domains.

--
	Viktor.
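The difference between rejecting at the edge and bouncing after queueing, modelled as an added example that is not part of the original message and is not Postfix code. The extension list, function names, the 250 reply text and the sample messages are assumptions constructed for illustration; only the 550 reply text is taken from the message above.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".scr", ".js"}          # assumed site attachment policy
REJECT = "550 5.7.1 message content rejected"  # Postfix default quoted above
ACCEPT = "250 2.0.0 Ok: queued"                # illustrative accept reply


def blocked_attachment(raw: bytes):
    """Return the first attachment filename that violates policy, else None."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()
        if name and any(name.lower().endswith(ext) for ext in BLOCKED_EXT):
            return name
    return None


def edge_check(raw: bytes):
    """Before-queue: decide at end of DATA, before any 250 is sent.

    A 5XX reply leaves the message with the sending MTA, which reports the
    failure to its own sender. The receiving side generates no bounce.
    """
    return (REJECT, None) if blocked_attachment(raw) else (ACCEPT, None)


def after_queue_check(raw: bytes, mail_from: str):
    """After-queue: 250 was already sent, so a failure can only be a bounce.

    The bounce goes to the unauthenticated envelope sender, which is the
    source of backscatter when that address is forged.
    """
    name = blocked_attachment(raw)
    bounce = {"to": mail_from, "reason": f"attachment {name} refused"} if name else None
    return ACCEPT, bounce


def make_msg(filename: str) -> bytes:
    """Constructed sample: one text part plus one named attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.net", "test"
    m.set_content("see attached")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()
```
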