ietf-smtp

Re: draft-klensin-rfc2821bis-04: VRFY and EXPN syntax

2007-07-16 09:55:10

At 15:12 16/07/2007, Douglas Otis wrote:

On Jul 15, 2007, at 12:08 PM, John C Klensin wrote:

That said, I could see doing something else if there was general
consensus that it would be worthwhile.  Partially because of the
circumlocutions and security consideration issues, there is a lot
of text about VRFY and EXPN in 2821bis.  I may regret saying this
but, without looking at the spec, I think I could separate that
material out into a separate document called "SMTP VRFY and EXPN
Commands" or words to that effect.  This would not change the basic
specification or requirements at all, but would shorten the SMTP
spec itself, keeping text that did not have any VRFY/EXPN
details.

When operating as a backup or preprocessing MTA as a service for
third-parties, normally verifying valid recipients is handled by
using some form of LDAP or Active Directory.  This lowers the number
of bounces that might be otherwise generated.  A VRFY enabled on an
MTA that only accepts this command or messages from a backup or
preprocessing MTA can function as an alternative to LDAP when this
information is cached.

Microsoft, for Exchange 2000 or 2003, dropped full support for this
command and always returns 252 2.1.5 Cannot VRFY user, as VRFY is
always advertised.  The proper response can not be enabled via a
registry setting, even when the MTA only responds to a trusted
upstream MTA.  Specific event driven software must be added before
this function can operate as intended, which of course makes
LDAP/Active Directory a simpler choice. :(

Using LDAP only works reliably if the mail server and LDAP server are tightly coupled. This is quite unusual outside of the Microsoft Exchange world. Also, the LDAP server needs to know about aliases and mailing lists, again, this is by no means a given.

LDAP is a directory protocol, it is not specifically tied to email at all. You can have an LDAP server without an SMTP server, and vice versa.

VRFY would seem to me to be the 'proper' way to do this, or a trial 'RCPT TO' command. Using LDAP seems to be a kludge. If I have an SMTP server, then there is no guarantee at all that there is an LDAP server associated with it, and, if there is, no guarantee that it is up to date, or has complete information. On the other hand, if the SMTP server supports VRFY itself, then it is pretty certain it's going to be up to date.

I'd prefer VRFY to be continued, and potentially have notes discussing the problems with a poorly implemented version. If the alternative is for every SMTP server to have to have a tightly-coupled LDAP server, then that's a step in the wrong direction IMHO.

Just because Microsoft Exchange doesn't support it very well, doesn't mean that VRFY should be scrapped - just that people should use better mail servers...
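
An added example, not part of the original message: a backup or preprocessing MTA has to turn each upstream VRFY reply into a decision, and the `252 2.1.5` reply quoted above is the case that forces a fallback to a trial `RCPT TO` or a directory lookup. The function names, decision labels and sample replies are constructed for illustration, and the mapping of reply codes to decisions is an assumed policy.

```python
import re

# One SMTP reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
_REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")


def parse_reply(raw):
    """Parse a single- or multi-line SMTP reply into (code, [text lines])."""
    lines = raw.splitlines()
    if not lines:
        raise ValueError("empty reply")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changes between lines")
        code = m.group(1)
        texts.append(m.group(3) or "")
        is_last = m.group(2) != "-"
        if is_last != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
    return int(code), texts


def recipient_decision(raw):
    """Map an upstream VRFY reply to a hypothetical backup-MTA policy decision."""
    code, _ = parse_reply(raw)
    if code in (250, 251):
        return "accept"      # mailbox confirmed (251: server will forward)
    if code == 252:
        return "unverified"  # server declines to verify; use another check
    if code in (550, 551, 553):
        return "reject"      # refuse the recipient now rather than bounce later
    if 400 <= code <= 499:
        return "defer"       # transient failure: retry, do not cache
    return "unverified"      # e.g. 500/502: VRFY unavailable on this server


if __name__ == "__main__":
    # Constructed sample replies; the 252 text is the one quoted in the message.
    for reply in ("250 Jane Doe <jane@example.org>",
                  "252 2.1.5 Cannot VRFY user",
                  "550 5.1.1 No such user here",
                  "451 4.3.0 Try again later"):
        print(f"{reply!r:40} -> {recipient_decision(reply)}")
```

Under this assumed policy only "accept" and "reject" results are worth caching; an upstream that answers every VRFY with 252 always yields "unverified", so the cache never fills and the fallback check runs for every recipient.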