On Dec 1, 3:51am, Hector Santos wrote:
}
} For ESMTP V2.0 Servers:
}
} Compliant servers must support VRFY as a way to validate return address.
That doesn't address the issue (pun?). See my example of MTA1 sending to
MX2, which tries to verify the address using MX1. Unless you impose the
additional requirement that MX1 be able to verify all addresses that may
originate from MTA1, it doesn't matter whether you use VRFY or RCPT.
If, on the other hand, and as Yakov keeps suggesting, you verify only that
MTA1 is a valid source of mail for the domain shared by MTA1 and MX1, you
have placed no new requirements on the SMTP protocol -- you've added an
external authentication step, but not changed SMTP itself.
The most obvious workaround for anyone with an "old" SMTP server will be
to blindly respond success to VRFY of any localpart in their domain, at
which point you've got no more information (in fact, you've got less)
than if you had simply verified MTA1 in the first place.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg