The main goal then is to require people to use our SMTP servers, so we can publish a stricter SPF record that says "All LiveJournal.com mail comes from only this network."
If anybody would like to kick-start this feature and wants to write up docs, here are the requirements:
-- postfix, Debian
-- SASL auth
-- plug-in to do auth/authz, because:
-- paid users only
-- rate-limited (don't want to be giving spammers $2.50/month access to our SMTP servers)
-- must be able to also log somehow the RCPT TO addresses... but after they've been obscured with a hashing function. By keeping track of how many distinct recipient addresses, we can allow reasonable outgoing mail limits to regular users (since regular users tend to email the same people a lot) and catch/flag spammers, who mail many different people all the time.
-- SSL would be nice, optionally.
The idea is we'll set up a host like "user-smtp.livejournal.com" which will do the above validation and rate checks, then relay it on to our real smtp servers.
As an incentive: first person to write up good instructions that let us do the rest gets 1 or 2 permanent accounts. (you don't have to do the anti-spammer stuff, but you must demonstrate how we can get at the RCPT data....)
I have a suspicion that this is all going to be a pain in the ass, because I've never found a mail system that's flexible enough and that I even remotely like. But maybe you guys are better at mail... I'm certainly not.
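One way to do the hashed-RCPT logging and distinct-recipient limit from the requirements list, as an added example that is not part of the original post or LiveJournal's code. It assumes the check is fed requests in the name=value format of Postfix's SMTPD policy delegation (attributes `sasl_username` and `recipient`); the key, limit, window and all function names are hypothetical.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumed demo values, not from the original post.
HASH_KEY = b"constructed-demo-key"  # keyed hash: logged values can't be matched against address lists
MAX_DISTINCT = 3                    # distinct recipients per user per window
WINDOW = 86400                      # seconds

def obscure(rcpt: str) -> str:
    """Keyed hash of a normalized RCPT TO address; this is what gets logged/stored."""
    norm = rcpt.strip().lower()     # fold case so A@x and a@x count as one recipient
    return hmac.new(HASH_KEY, norm.encode(), hashlib.sha256).hexdigest()[:16]

def parse_policy_request(text: str) -> dict:
    """Parse one policy request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if "=" in line:
            name, value = line.split("=", 1)
            attrs[name] = value
    return attrs

class RecipientTracker:
    def __init__(self, limit=MAX_DISTINCT, window=WINDOW):
        self.limit, self.window = limit, window
        self.seen = defaultdict(dict)   # sasl_username -> {recipient hash: last seen}

    def check(self, attrs: dict, now: float) -> str:
        """Return the policy reply line for one RCPT TO."""
        user = attrs.get("sasl_username", "")
        if not user:                    # unauthenticated: never relay
            return "action=REJECT authentication required"
        seen = self.seen[user]
        for h, ts in list(seen.items()):  # forget recipients outside the window
            if now - ts > self.window:
                del seen[h]
        h = obscure(attrs.get("recipient", ""))
        if h not in seen and len(seen) >= self.limit:
            return "action=DEFER_IF_PERMIT too many distinct recipients"
        seen[h] = now                   # repeat recipients never raise the count
        return "action=DUNNO"

if __name__ == "__main__":
    # Constructed sample request.
    sample = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
              "sasl_username=alice\nrecipient=friend@example.com\n\n")
    print(RecipientTracker().check(parse_policy_request(sample), now=0))
```

Because only the keyed hash is stored, the tracker can tell "same person again" from "new person" without keeping a readable list of who each user mails.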