On Tue, 2004-07-27 at 16:58, Andrew Newton wrote:
On Jul 27, 2004, at 7:26 PM, Douglas Otis wrote:
The back door remains open.
MAIL FROM: <intended(_at_)target(_dot_)com> (never checked per core draft)
RCPT TO: <random-1(_at_)dup(_dot_)com> (could be local user, but is not)
Resent-From: <known(_at_)dup(_dot_)com> (any open record or not checked)
From: <intended(_at_)target(_dot_)com> (don't care per core draft)
To: <random-1(_at_)dup(_dot_)com>
Subject: Secret
...
draft-ietf-marid-core-02.txt:
4. Determining the Purported Responsible Address
...
2. Locate the first non-empty Resent-From header in the message.
If a Resent-From header is found, proceed to step 5. Otherwise,
continue with step 3.
This jump to step 5 omits checks for From headers in the message. There
is a caution that differing PRA headers should be visible at the MUA,
but offers no action. I noted that as a don't care.
PRA header trumping order (unrelated to being most recent):
1) If first Resent-Sender go to 5
2) If first Resent-From go to 5
3) If any and all Sender go to 5
4) If any and all From go to 5
5) If single header done.
6) Else 550 Missing PRA. (Must be a single address, not a list)
The bounce becomes:
PRA = known(_at_)dup(_dot_)com (validated)
MAIL FROM: <root(_at_)dup(_dot_)com> (bounce not compliant)
RCPT TO: <intended(_at_)target(_dot_)com>
Subject: Undelivered Mail
The random-1(_at_)dup(_dot_)com could have been a local user, (it had the right
domain), but when relayed to a MTA with a list of valid users, the mail
was rejected as the local part 'random-1' was not valid. The MTA second
to last in the chain, then bounces the message. This may allow
filtering, or if done by a backup MTA, the knowledgeable server is
expected to be out of service.
You lost me right here. 2 qs:
Why is From "don't care per core draft"?
Why is there a bounce?
-Doug