spf-discuss

Re: Informal request for comments (a new SMTP-CBV protocol)

2004-06-21 07:29:11
On Mon, 21 Jun 2004, Chris Drake wrote:

> [Flow step 1] Originating MTA (OMTA) contacts Recipient MTA (RMTA) and
> issues the usual HELO, MAIL FROM, RCPT TO, and (for SMTP-CBV fluent
> OMTAs) a custom VRFY line.
>
> [Flow step 2] OMTA enters DATA phase and sends the message.
>
> [Flow step 3] RMTA accepts HELO, MAIL FROM, RCPT TO, optional VRFY,
> and DATA commands, and opens a socket to the MTA of the MAIL FROM
> domain (hereafter called the VMTA - which may be the OMTA itself, or
> the usual MTA associated with the OMTA, or some other MTA/custom CBV
> process controlled by the ISP)
>
> [Flow step 4] RMTA issues a HELO, then a custom VRFY command, then a
> MAIL FROM: using the recipient address of the earlier "RCPT TO"
> command, then a RCPT TO using the address of the earlier "MAIL FROM"
> command, then a DATA command, the RMTA closes the socket (terminates
> connection without sending any data).

It would be much cleaner to RSET and QUIT instead of, say, DATA and dropping
the connection.

When is the result of the callout communicated to the OMTA? After
CRLF.CRLF? As the response to DATA?

Note that this protocol doesn't prevent joe jobs, because the forger won't
advertise ChrisDrakeCBV regardless of whether the forged domain normally
would.

> Prevents dictionary attacks, since the RMTA can verify the sender
> before letting the attacker know if the recipient exists, and (if the
> attacker speaks SMTP-CBV) gives the RMTA a "constant" (the VMTA IP
> address) to use for throttling attack speed.

This paragraph disagrees with the protocol you described.

-- 
Tony Finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
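The callout of flow steps 3 and 4, as an added worked example that is not code from this thread or from either poster. It simulates the RMTA's verification session against the VMTA in memory (a direct method call stands in for the socket), with both sides' commands and replies recorded. The capability token `ChrisDrakeCBV` is taken from the reply above; its use as the VRFY argument, the reply codes, and ending the session with RSET and QUIT (as suggested above) rather than DATA plus a dropped connection are all assumptions of this example.

```python
"""Simulated SMTP-CBV callout (flow steps 3-4 of the quoted proposal).

Added example, not code from the spf-discuss thread.  Assumed details:
the VRFY argument 'ChrisDrakeCBV' as the capability token, the reply
codes, and ending the callout with RSET/QUIT instead of DATA + drop.
"""
from dataclasses import dataclass, field

CBV_TOKEN = "ChrisDrakeCBV"  # assumed capability token carried in the custom VRFY


@dataclass
class VerifierMTA:
    """The VMTA: the MTA for the MAIL FROM domain, answering the callout.

    'mailboxes' is a constructed set of local parts that exist at 'domain'.
    """
    domain: str
    mailboxes: set
    supports_cbv: bool = True
    log: list = field(default_factory=list)  # transcript: "C: ..." / "S: ..."

    def handle(self, line: str) -> str:
        """Answer one SMTP command line and record both sides of the exchange."""
        self.log.append("C: " + line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            reply = "250 %s" % self.domain
        elif verb == "VRFY" and arg == CBV_TOKEN:
            # A CBV-fluent VMTA echoes the token; others give the usual 252.
            reply = "250 %s" % CBV_TOKEN if self.supports_cbv else "252 Cannot VRFY user"
        elif verb == "MAIL":
            reply = "250 OK"
        elif verb == "RCPT":
            # arg looks like "TO:<user@domain>"
            addr = arg[len("TO:"):].strip("<>")
            local, _, dom = addr.rpartition("@")
            if dom == self.domain and local in self.mailboxes:
                reply = "250 OK"
            else:
                reply = "550 No such user"
        elif verb == "RSET":
            reply = "250 OK"
        elif verb == "QUIT":
            reply = "221 Bye"
        else:
            reply = "500 Unrecognised command"
        self.log.append("S: " + reply)
        return reply


def cbv_callout(vmta: VerifierMTA, rmta_hostname: str, mail_from: str, rcpt_to: str):
    """Run flow step 4 from the RMTA's side against 'vmta'.

    mail_from / rcpt_to are the envelope addresses of the message being
    received (step 1).  The callout reverses them: it MAILs FROM our
    recipient and RCPTs TO their sender.  Returns (verified, transcript).
    """
    replies = {}
    replies["HELO"] = vmta.handle("HELO %s" % rmta_hostname)
    replies["VRFY"] = vmta.handle("VRFY %s" % CBV_TOKEN)
    replies["MAIL"] = vmta.handle("MAIL FROM:<%s>" % rcpt_to)
    replies["RCPT"] = vmta.handle("RCPT TO:<%s>" % mail_from)
    # Assumed choice: end the probe cleanly rather than issuing DATA and dropping.
    vmta.handle("RSET")
    vmta.handle("QUIT")
    verified = all(replies[k].startswith("250") for k in ("VRFY", "MAIL", "RCPT"))
    return verified, list(vmta.log)


if __name__ == "__main__":
    # Constructed scenario: alice@example.org really exists at the VMTA.
    vmta = VerifierMTA(domain="example.org", mailboxes={"alice"})
    ok, transcript = cbv_callout(vmta, "rmta.example.net",
                                 mail_from="alice@example.org",
                                 rcpt_to="bob@example.net")
    print("\n".join(transcript))
    print("verified:", ok)
```

The verdict is only as good as the VMTA's answer: a VMTA that does not echo the token, or that rejects the reversed RCPT TO, makes the callout fail, while any VMTA that answers 250 to everything passes it.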