spf-discuss

Re: [spf-discuss] Fw: SRS vs BATV

2006-02-21 13:47:47
On Wed, 22 Feb 2006, Craig Whitmore wrote:

I've previously assumed that would be fine, but Craig got me to worrying.

Anyone trying to check an 822 address like this (rightly or wrongly) is
going to get the wrong answer (I'd say it serves them right, but these
things can be difficult to explain to other people sometimes).

This is why I wait until they say DATA to reject.
The way I do it, the above would have worked, BUT if they went any further
such as sending a message (with DATA) then it errors.

Here is a real life example of braindead CBV/DSN (domain changed to
protect the innocent).  It happens continuously every day.  This kind of idiocy
is why you have to wait until DATA to reject, even though rejecting immediately
after RCPT TO is RFC correct.

Here my client sends mail to 2 people at rfcignorantcorp.com:

2006Feb21 10:17:12 [641] connect from pc21.somecorp.com at ('192.168.3.41', 1216) INTERNAL
2006Feb21 10:17:12 [641] hello from [127.0.0.1]
2006Feb21 10:17:12 [641] mail from <jackiel(_at_)somecorp(_dot_)com> ('SIZE=1266',)
2006Feb21 10:17:12 [641] rcpt to <mildred(_at_)rfcignorantcorp(_dot_)com> ()
2006Feb21 10:17:12 [641] rcpt to <susank(_at_)rfcignorantcorp(_dot_)com> ()
2006Feb21 10:17:12 [641] abort after 0 body chars
2006Feb21 10:17:12 [641] mail from <jackiel(_at_)somecorp(_dot_)com> ('SIZE=1266',)
2006Feb21 10:17:13 [641] rcpt to <mildred(_at_)rfcignorantcorp(_dot_)com> ()
2006Feb21 10:17:13 [641] rcpt to <susank(_at_)rfcignorantcorp(_dot_)com> ()
2006Feb21 10:17:13 [641] Subject: BOOKING AND CHARGES
2006Feb21 10:17:13 [641] Auto-Whitelist: mildred(_at_)rfcignorantcorp(_dot_)com
2006Feb21 10:17:13 [641] Auto-Whitelist: susank(_at_)rfcignorantcorp(_dot_)com
2006Feb21 10:17:13 [641] eom

SRS signs the MFROM (using my hack to omit duplicate domain):

2006Feb21 10:17:13 make_srs jackiel<@somecorp.com.>
2006Feb21 10:17:13 OK SRS0=zvTTz=4Q==jackiel<@somecorp.com.>

Carotrans tries to do some kind of CBV/DSN:

2006Feb21 10:17:30 [642] connect from smtp.rfcignorantcorp.com at ('209.215.77.110', 16021) EXTERNAL
2006Feb21 10:17:30 [643] connect from smtp.rfcignorantcorp.com at ('209.215.77.110', 16022) EXTERNAL
2006Feb21 10:17:30 [643] hello from ctiproxy.rfcignorantcorp.com
2006Feb21 10:17:30 [642] hello from ctiproxy.rfcignorantcorp.com
2006Feb21 10:17:30 [643] mail from <> ('SIZE=1394',)
2006Feb21 10:17:30 [642] mail from <> ('SIZE=1382',)
2006Feb21 10:17:30 [642] Received-SPF: none (smtp.somecorp.com: 209.215.77.110 is neither permitted nor denied by domain of ctiproxy.rfcignorantcorp.com) client-ip=209.215.77.110; envelope-from=postmaster(_at_)ctiproxy(_dot_)rfcignorantcorp(_dot_)com; helo=ctiproxy.rfcignorantcorp.com;
2006Feb21 10:17:30 [642] X-Guessed-SPF: neutral
2006Feb21 10:17:30 [643] Received-SPF: none (smtp.somecorp.com: 209.215.77.110 is neither permitted nor denied by domain of ctiproxy.rfcignorantcorp.com) client-ip=209.215.77.110; envelope-from=postmaster(_at_)ctiproxy(_dot_)rfcignorantcorp(_dot_)com; helo=ctiproxy.rfcignorantcorp.com;
2006Feb21 10:17:30 [643] X-Guessed-SPF: neutral
2006Feb21 10:17:31 [642] rcpt to <jackiel(_at_)somecorp(_dot_)com> ()
2006Feb21 10:17:31 [643] rcpt to <jackiel(_at_)somecorp(_dot_)com> ()

I have to delay the reject until DATA (not visible in log - will fix
now that immediate reject is an option) - otherwise rfcignorantcorp would never 
get the mail :-( !?!?

2006Feb21 10:17:31 [642] REJECT: bounce with no SRS encoding
2006Feb21 10:17:31 [643] REJECT: bounce with no SRS encoding

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
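
Added example, not part of the original message and not the poster's milter code: a small Python model of the policy discussed above, where a null-sender transaction addressed to an unsigned recipient is accepted at RCPT TO and refused only when the client proceeds to DATA. The key, the simplified `SRS0=tag=user@domain` format (real SRS also carries a timestamp and forwarding domain), the `Session` class and the reply texts are assumptions made for illustration.

```python
import base64, hashlib, hmac

SECRET = b"constructed-demo-key"  # assumption: demo key, not from the post

def tag(local, domain):
    # Short keyed hash over the original address (simplified stand-in for the SRS hash)
    mac = hmac.new(SECRET, f"{local}@{domain}".lower().encode(), hashlib.sha1)
    return base64.b32encode(mac.digest())[:5].decode()

def sign(addr):
    local, _, domain = addr.rpartition("@")
    return f"SRS0={tag(local, domain)}={local}@{domain}"

def is_signed(rcpt):
    local, _, domain = rcpt.rpartition("@")
    parts = local.split("=", 2)
    return (len(parts) == 3 and parts[0].upper() == "SRS0"
            and hmac.compare_digest(parts[1].upper().encode(),
                                    tag(parts[2], domain).encode()))

class Session:
    """Hypothetical receiver policy for one SMTP transaction."""
    REJECT = "550 5.7.1 bounce with no SRS encoding"

    def __init__(self, reject_at_rcpt):
        self.reject_at_rcpt = reject_at_rcpt
        self.null_sender = self.unsigned_bounce = False

    def mail_from(self, sender):
        self.null_sender, self.unsigned_bounce = (sender == ""), False
        return "250 OK"

    def rcpt_to(self, rcpt):
        if self.null_sender and not is_signed(rcpt):
            if self.reject_at_rcpt:
                return self.REJECT
            self.unsigned_bounce = True  # remember it; the probe still sees 250
        return "250 OK"

    def data(self):
        return self.REJECT if self.unsigned_bounce else "354 go ahead"

def run(session, rcpt, send_data):
    # A callback verifier stops after RCPT (send_data=False); a real DSN goes on to DATA.
    replies = [session.mail_from(""), session.rcpt_to(rcpt)]
    if send_data and replies[-1].startswith("250"):
        replies.append(session.data())
    return replies
```

With `reject_at_rcpt=False` a verification probe to the plain address gets `250` and the remote site keeps accepting the original mail, while a forged bounce that continues to DATA is still refused.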
