ietf
[Top] [All Lists]

Re: [taugh.com-standards] Re: Gen-ART and OPS-Dir review of draft-ietf-appsawg-nullmx-06

2014-09-02 13:46:15
On Tue, Sep 02, 2014 at 02:30:57PM -0400, John R Levine wrote:

Sadly, though it is very late in the process, I failed to notice
this originally, and must belatedly report a significant issue
noted by Wietse Venema.  The response code for rejecting a recipient
with a nullmx domain and a sender with a nullmx domain are reversed
in the draft.

Since 521 like 221 and 421 leads to connection drop after the reply,

Only when it's the SMTP greeting.  In this case it's not.  That suggests
that JCK's suggestion to have a new RFC to replace 1846 is a good one, since
it could mention this other fairly obvious use case.

Looking at 1846, it gives a server responding with 521 the choice
of either then dropping the connection or else a mandate to reject
all further commands with 521.  This is wrong, with multi-recipient
mail when only some of the recipients are in the problem domain.

The Postfix SMTP server, drops the connection when its response
code is 521.  So 521 is definitely problematic in the "RCPT TO:"
case.

it is only appropriate when the entire envelope will be rejected.
Thus 521 goes with rejection of a nullmx sender domain and 550
with a particular nullmx recipient.

No, 550 to reject the MAIL FROM is correct.  See RFC 5321, sec 3.3.  It's a
policy rejection.

I'm not religious on 521 for "MAIL FROM:".  550 is fine too.

This is a bug report about the "RCPT TO:" 521 code, I thought
perhaps they were switched accidentally.

-- 
        Viktor.