Well, Hector,
Hector Santos wrote:
[...]
If you receive "mail from: <user(_at_)RHS>" will you be doing a validation
call back (mail from:<whatever>; rcpt to:<user(_at_)RHS>) without having
checked that the domain RHS allows ip address a.b.c.d to use that RHS?
If not, you will be probing innocent victims.
On an unrelated note, I don't agree with this "probing innocent victims"
statement and I don't want to get into the CBV philosophical debates.
Seems you'd prefer to stick to your own CBV rules. My message:
Date: Thu, 11 Mar 2004 19:48:02 +0100
From: "Rolf E. Sonneveld" <r(_dot_)e(_dot_)sonneveld(_at_)sonnection(_dot_)nl>
Subject: Re: Microsoft Patent - Re: New Internet Draft:
draft-duerst-archived-at-00.txt
In-reply-to: <00dd01c40794$478ec670$04f1a8c0(_at_)taiwai>
To: Tim Kehres <tim at kehres dot com>
Cc: Nathaniel Borenstein <nsb at guppylake dot com>,
Hector Santos <winserver dot support at winserver dot com>,
Martin Duerst <duerst at w3 dot org>, ietf-822(_at_)imc(_dot_)org
Reply-to: r(_dot_)e(_dot_)sonneveld(_at_)sonnection(_dot_)nl
was rejected by your mailserver:
Transport layer information:
----------------------------------------------------------------------
Envelope From: address: r(_dot_)e(_dot_)sonneveld(_at_)sonnection(_dot_)nl
Envelope To: addresses: winserver(_dot_)support(_at_)winserver(_dot_)com
Message delivery history:
----------------------------------------------------------------------
Thu, 11 Mar 2004 19:13:26 +0000 (GMT)
winserver(_dot_)support(_at_)winserver(_dot_)com: smtp;552 Return Path not
verifiable.
Thu, 11 Mar 2004 20:01:10 +0000 (GMT)
winserver(_dot_)support(_at_)winserver(_dot_)com: smtp;552 Return Path not
verifiable.
What did your mailserver do to verify the Return Path? My MX records are
OK, my PTR record for the sending host is OK. What else?
Furthermore, your server is giving the wrong error code. From RFC2821:
RFC 821 [30] incorrectly listed the error where an SMTP server
exhausts its implementation limit on the number of RCPT commands
("too many recipients") as having reply code 552. The correct reply
code for this condition is 452. Clients SHOULD treat a 552 code in
this case as a temporary, rather than permanent, failure so the logic
below works.
Please check RFC2821 for the proper reply codes; code 552 should be used
for:
"552 Requested mail action aborted: exceeded storage allocation"
This is a nice illustration of how new techniques easily may break
current legal mail flows.
/rolf