Tony Hansen wrote:
On 8/11/2010 11:14 AM, John C Klensin wrote:
FWIW,
(1) My recommendation would be to retain the timeout, but note
that server implementations should be aware that some clients
will ignore the spec for operational reasons and apply a much
smaller number. My guess is that a discussion of the
appropriateness of doing that doesn't belong in an erratum/
corrigendum to 5321 but in a separate document (if at all).
Most of the notes about clients severely ignoring the spec appear to be
from MUAs that should really be using Submit instead of SMTP.
hmmmm, MUAs are generally active updated software today, so I find it
odd they would among the severely ignorant abusers
How would SUBMIT (port 587) be different than PUBLIC SMTP (port 25) in
regard to timeouts?
I can only see where SUBMIT requiring AUTH (not an option)
short-circuits some|all filtering processing at the transport level.
This is important for SUBMIT at the EHLO level in regards the increase
use of SOHO NATS. SUBMIT requires EHLO to be domain or IP-literal
correct. It also requires AUTH. Due to increase use of NATS with LAN
user machines, the SMTP client could potentially use the wrong EHLO
domain or [IP-Literal]. Thunderbird had this problem.
The solution:
1) Help the TBIRD People to add a option to set the EHLO domain. In the
versions from 2.0+, you can do this in the EDITOR CONFIG
settings. See
mail.smtpserver.smtp#.hello_argument
You would hard code the [IP] or public domain of the NAT server.
2) Add logic to the MSA server to delay EHLO checking until the
AUTH is determined for PORT 587 connects.
Since AUTH is a SUBMIT requirement, I believe the EHLO correctness
requirement can be relaxed.
I wrote to John and Pete about this when the issue was seen (~2+ years
ago). I don't know if any text was added to mention the issue in
4909bis (I have not checked).
This might explain why some USERS are incapable of using SUBMIT even
if they wanted to over LAN and NAT and a MUA that is using the User's
PC IP does not match the IP of the SMTP nat machine connection. If
the SUBMIT server has a EHLO IP-literal vs Connection IP check, it
will fail.
--
Sincerely
Hector Santos
http://www.santronics.com