spf-discuss

Re: Latest proposal re HELO checking: make HELO tests optional

2004-03-11 15:56:01
Well, Hector,

Hector Santos wrote:

[...]



If you receive "mail from: <user(_at_)RHS>" will you be doing a validation
call back (mail from:<whatever>; rcpt to:<user(_at_)RHS>) without having
checked that the domain RHS allows ip address a.b.c.d to use that RHS?

If not, you will be probing innocent victims.

On an unrelated note,  I don't agree with this "probing innocent victims"
statement and I don't want to get into the CBV philosophical debates.

Seems you'd prefer to stick to your own CBV rules. My message:

Date: Thu, 11 Mar 2004 19:48:02 +0100
From: "Rolf E. Sonneveld" <r(_dot_)e(_dot_)sonneveld(_at_)sonnection(_dot_)nl>
Subject: Re: Microsoft Patent - Re: New Internet Draft:
draft-duerst-archived-at-00.txt
In-reply-to: <00dd01c40794$478ec670$04f1a8c0(_at_)taiwai>
To: Tim Kehres <tim at kehres dot com>
Cc: Nathaniel Borenstein <nsb at guppylake dot com>,
Hector Santos <winserver dot support at winserver dot com>,
Martin Duerst <duerst at w3 dot org>, ietf-822(_at_)imc(_dot_)org
Reply-to: r(_dot_)e(_dot_)sonneveld(_at_)sonnection(_dot_)nl

was rejected by your mailserver:

Transport layer information:
----------------------------------------------------------------------
Envelope From: address: r(_dot_)e(_dot_)sonneveld(_at_)sonnection(_dot_)nl
Envelope To: addresses: winserver(_dot_)support(_at_)winserver(_dot_)com

Message delivery history:
----------------------------------------------------------------------
Thu, 11 Mar 2004 19:13:26 +0000 (GMT)
winserver(_dot_)support(_at_)winserver(_dot_)com: smtp;552 Return Path not verifiable.

Thu, 11 Mar 2004 20:01:10 +0000 (GMT)
winserver(_dot_)support(_at_)winserver(_dot_)com: smtp;552 Return Path not verifiable.

What did your mailserver do to verify the Return Path? My MX records are OK, my PTR record for the sending host is OK. What else?

Furthermore, your server is giving the wrong error code. From RFC2821:

  RFC 821 [30] incorrectly listed the error where an SMTP server
  exhausts its implementation limit on the number of RCPT commands
  ("too many recipients") as having reply code 552.  The correct reply
  code for this condition is 452.  Clients SHOULD treat a 552 code in
  this case as a temporary, rather than permanent, failure so the logic
  below works.

Please check RFC2821 for the proper reply codes; code 552 should be used for:

"552 Requested mail action aborted: exceeded storage allocation"

This is a nice illustration of how new techniques easily may break current legal mail flows.
/rolf
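
The ordering raised in the exchange above (check that the domain RHS allows the connecting IP address before making any validation callback), as an added example that is not part of the original message or of either poster's mail server. The SPF records are constructed, DNS is replaced by an in-memory table, only the ip4/ip6/all mechanisms are evaluated, and treating every result other than pass as "no callback" is an assumption.

```python
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups (assumption: a real
# receiver would query DNS and evaluate every SPF mechanism, not just these).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "v=spf1 ip4:198.51.100.7 ?all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, client_ip):
    """Evaluate the ip4/ip6/all subset of SPF for client_ip against domain."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def callback_decision(mail_from, client_ip):
    """Decide whether a callback to the MAIL FROM domain (RHS) is justified."""
    domain = mail_from.strip("<>").rsplit("@", 1)[-1]
    result = spf_result(domain, client_ip)
    if result == "pass":
        return "callback"    # RHS vouches for this IP, so a callback probes the real sender
    if result == "fail":
        return "reject"      # RHS disowns this IP: a callback would probe a bystander
    return "no-callback"     # unproven claim on RHS: do not probe it (assumed policy)
```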

