spf-discuss

Re: Is anyone else getting DoS'd by relay attacks?

2005-01-14 11:28:36
Hello!

On Fri, Jan 14, 2005 at 01:20:35PM -0500, Stuart D. Gathman wrote:
> On Fri, 14 Jan 2005, Hannah Schroeter wrote:
>
> >   MAIL FROM: <>
> >   RCPT TO: <a@your.domain> ; this a isn't a signed envelope sender or so
> >   RCPT TO: <b@your.domain> ; b *is* and the signature is valid
>
> This is illegal for a DSN, and I immediately reject as soon as the
> second rcpt is seen for a DSN.

Ok. Then if you already sent a 2xx to the first RCPT, you'd send a 5xx
to the second and a 5xx after the data?

Is this specified in the standards that all mail with MAIL FROM: <>
is allowed to have only one recipient?

And yet another point where forwarding would break.

Say I have this aliases file on foo.domain

        a: b@bar.domain, c@bar.domain

Now, I receive a bounce to a@foo.domain, then I'd usually bundle
the forward into one SMTP transaction, and voilà, you have a MAIL FROM:
<>, with 2 RCPTs.

Btw, is there a provision in the SRS specs how to rewrite an empty MAIL
FROM? The only thing that makes sense is to keep it empty, isn't it?
Or should one rather rewrite it to some devnull@forwarder?

> > Local usernames? They can be dictionary scanned by using a non-empty
> > MAIL FROM which is SPF unknown or pass, so you don't gain anything
> > from not exposing them (by using a different 5xx reply than if the
> > user wouldn't exist at all) if MAIL FROM is empty.
>
> Good point.  I was following recommended practice for SES with CBV, but maybe
> it is out of date.  I'll go back and review to make sure.

There was a point in greylisting that you should defer 4xx responses for
mails with empty envelope sender in the greylisting case to after DATA,
so callback verify won't break because of greylisting.

But I see no point to defer 5xx responses, neither for SES with CBV, nor
for greylisting, nor for other reasons. Could you (or someone else)
explain or refer me to where reasons for that were described?

Kind regards,

Hannah.
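The two envelope behaviours discussed above, modelled as an added example that is not code from the spf-discuss list or from any participant: a receiving-side policy that accepts one recipient for a null-sender (MAIL FROM:<>) transaction and answers any further RCPT TO with a 5xx, and a forwarder that expands an alias and, for null-sender mail, splits the delivery into one transaction per expanded recipient so that the receiving side's one-recipient rule is not tripped. The alias table, the addresses, the reply strings and the choice to keep the reverse-path empty when forwarding are all constructed for illustration; the unknown-user reply is deliberately the same whether or not the reverse-path is empty, following the point made in the thread that a distinct reply would not hide local names.

```python
"""Model of the null-sender envelope check and the alias-forwarding case.

Added example, not code from the spf-discuss list or its participants.
Alias table, addresses and reply texts are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class EnvelopeSession:
    """One SMTP transaction on the receiving side: reverse-path plus the
    recipients accepted so far.  known_users=None means "accept any local
    address" (keeps the example small); otherwise unknown users get a 550.
    """
    known_users: Optional[FrozenSet[str]] = None
    mail_from: Optional[str] = None
    rcpts: List[str] = field(default_factory=list)

    def MAIL(self, reverse_path: str) -> str:
        # Reset per transaction; an empty reverse_path models MAIL FROM:<>.
        self.mail_from = reverse_path
        self.rcpts = []
        return "250 2.1.0 Sender ok"

    def RCPT(self, forward_path: str) -> str:
        if self.mail_from is None:
            return "503 5.5.1 Need MAIL command first"
        # Null-sender transactions may carry a single recipient; the second
        # RCPT is rejected as soon as it is seen, as described in the thread.
        if self.mail_from == "" and self.rcpts:
            return "550 5.5.3 Null reverse-path with more than one recipient"
        # Same reply text for an unknown user whatever the reverse-path is:
        # a different reply for MAIL FROM:<> would not hide local names.
        if self.known_users is not None and forward_path not in self.known_users:
            return "550 5.1.1 User unknown"
        self.rcpts.append(forward_path)
        return "250 2.1.5 Recipient ok"


def run_transaction(server: EnvelopeSession, mail_from: str, rcpts: List[str]) -> List[str]:
    """Issue MAIL FROM and the RCPT TOs; return the reply code of each command."""
    codes = [server.MAIL(mail_from)[:3]]
    for rcpt in rcpts:
        codes.append(server.RCPT(rcpt)[:3])
    return codes


# Constructed alias table for the forwarder foo.domain (the thread's example).
ALIASES: Dict[str, List[str]] = {
    "a@foo.domain": ["b@bar.domain", "c@bar.domain"],
}


def expand_alias(addr: str, aliases: Dict[str, List[str]], seen=None) -> List[str]:
    """Expand addr through the alias table, recursively, with a loop guard."""
    seen = set() if seen is None else seen
    if addr in seen:
        return []
    seen.add(addr)
    if addr not in aliases:
        return [addr]
    out: List[str] = []
    for target in aliases[addr]:
        out.extend(expand_alias(target, aliases, seen))
    return out


def plan_forward_transactions(mail_from: str, rcpt: str,
                              aliases: Dict[str, List[str]]) -> List[Tuple[str, List[str]]]:
    """Return the (reverse_path, recipients) transactions the forwarder issues.

    Non-null sender: one bundled transaction with all expanded recipients.
    Null sender: one transaction per recipient, reverse-path kept empty (the
    example's choice), so a one-recipient rule on the far side is respected.
    """
    targets = expand_alias(rcpt, aliases)
    if mail_from != "":
        return [(mail_from, targets)]
    return [("", [t]) for t in targets]


def forward_bounce(mail_from: str, rcpt: str, server: EnvelopeSession) -> List[List[str]]:
    """Drive the planned transactions against `server`; one code list each."""
    return [run_transaction(server, mf, rs)
            for mf, rs in plan_forward_transactions(mail_from, rcpt, ALIASES)]


if __name__ == "__main__":
    bar = EnvelopeSession(known_users=frozenset({"b@bar.domain", "c@bar.domain"}))
    # Bundled null-sender forward: the second RCPT is refused.
    print(run_transaction(bar, "", ["b@bar.domain", "c@bar.domain"]))
    # Split forward: both recipients are accepted, one transaction each.
    print(forward_bounce("", "a@foo.domain", bar))
```

Running the block shows the bundled forward failing on its second recipient (`['250', '250', '550']`) and the split forward succeeding as two transactions; a non-null sender still goes out as one bundled transaction, since the one-recipient rule only applies to the empty reverse-path.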