ietf-smtp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Any justification for failing RSET?

2005-10-29 09:01:15
from [Hector Santos] [Permanent Link] 

From: "Harald Tveit Alvestrand" <harald(_at_)alvestrand(_dot_)no>



Hi,
a matter of curiosity....

I have a tool running that tries to verify email addresses (reasons
irrelevant here) - the sequence of commands used is EHLO, MAIL FROM, RCPT
TO, RSET, QUIT (VRFY being more-or-less useless these days).

I noticed that a few large sites are returning 554 on the RSET, with the
text "Transaction failed" - hotmail.com in particular.

Now, this is obviously in violation of RFC 2821, but I wonder..... does
anyone have any idea of why they're doing that?

                       Harald, curious....


Well, hotmail.com is doing a few things of late that is definitely, how
shall I say it.... in the same mindset of Microsoft, "daring" (not par for
the course) to say the least. I won't bother to go into the details.

If you are doing a CBV, you don't need to do a RSET, just QUIT.

I just tested this at hotmail (using RSET after RCPT) and I see the same 554
response with a connection close.  I can only guess that a sequence:

    EHLO/HELO
    MAIL FROM:
    RCPT
    RSET

is probably triggering logic on the hotmail server backend that consider
this this an "alternative" verify.  In other words, I suspect (did not try
it) it only expects RSET to be active after a DATA command is used.

If you consider what RFC 2821 says:

4.1.1.5 RESET (RSET)

   This command specifies that the current mail transaction will be
   aborted.  Any stored sender, recipients, and mail data MUST be
   discarded, and all buffers and state tables cleared.  The receiver
   MUST send a "250 OK" reply to a RSET command with no arguments.  A
   reset command may be issued by the client at any time.  It is
   effectively equivalent to a NOOP (i.e., if has no effect) if issued
   immediately after EHLO, before EHLO is issued in the session, after
   an end-of-data indicator has been sent and acknowledged, or
   immediately before a QUIT.  An SMTP server MUST NOT close the
   connection as the result of receiving a RSET; that action is reserved
   for QUIT (see section 4.1.1.10).

Although, the anal, can arguably state that the term "ABORTED" means the
connection ends, however, the specs clearly says the receiver MUST issue a
250, and the connection MUST not be close, therefore HOTMAIL.COM is
violating the specification.

Yet another example of Microsoft "daring" moves.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Q: Any justification for failing RSET?, Harald Tveit Alvestrand
Next by Date:  Re: Q: Any justification for failing RSET?, ned+ietf-smtp
Previous by Thread:  Q: Any justification for failing RSET?, Harald Tveit Alvestrand
Next by Thread:  Re: Q: Any justification for failing RSET?, ned+ietf-smtp
Indexes:  [Date] [Thread] [Top] [All Lists]