Re: [spf-discuss] multiple HELOs

2006-02-11 07:20:55

Constantine A. Murenin wrote:
> Julian Mehnle wrote:
> > I tend to agree with Wietse Venema that concluding from a timeout that
> > the previous command was never received, and proceeding to sending
> > another command (equivalent or whatever), is broken client behavior.
> > Client commands should always be processed sequentially by the server.
> >
> > Thus...
> >
> >   * if the first HELO/EHLO command would have been accepted (but the
> > server hasn't managed to send the response yet), the response should
> > be sent, and a second HELO/EHLO should be rejected outright, unchecked
> > by SPF.
> >
> >   * if the first HELO/EHLO command would have been rejected (but the
> > server hasn't managed to send the response yet), the response should
> > be sent, and any further commands (including HELO/EHLO) should be
> > treated normally.
>
> So the second HELO/EHLO must be again checked by the SPF?

I said "should be treated normally".  I.e. it depends on _why_ the first 
HELO/EHLO command was rejected.  If it was rejected because an SPF or 
other security check failed permanently, the server should probably _not_ 
allow any further attempts to circumvent the security measures.  If on the 
other hand the first HELO/EHLO command was rejected due to server 
overload, SPF TempFail, or some other temporary or non-security failure, 
the server should probably allow the client to try again.
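The handling described in the message above, sketched as a per-connection policy object. This is an added example, not part of the original post or of any SPF implementation: the class and function names, the SPF stub with its constructed sample data, and the choice of reply codes (250, 451, 503, 550) are assumptions.

```python
from enum import Enum, auto

class First(Enum):
    NONE = auto()         # no HELO/EHLO answered yet
    ACCEPTED = auto()
    PERM_REJECT = auto()  # SPF Fail or another permanent security failure
    TEMP_REJECT = auto()  # overload, SPF temporary error, non-security failure

# Constructed sample data standing in for real SPF evaluation of the HELO name.
SAMPLE_SPF = {"mail.example.org": "pass",
              "forged.example.net": "fail",
              "slow.example.com": "temperror"}

def sample_spf_check(client_ip, helo_name):
    """Hypothetical SPF stub: returns 'pass', 'fail', 'temperror' or 'none'."""
    return SAMPLE_SPF.get(helo_name, "none")

class HeloPolicy:
    """Per-connection HELO/EHLO handling; commands are answered strictly in order."""
    def __init__(self, spf_check=sample_spf_check):
        self.spf_check = spf_check
        self.state = First.NONE
        self.spf_calls = 0  # counts how often SPF was actually consulted

    def on_helo(self, client_ip, helo_name, overloaded=False):
        if self.state is First.ACCEPTED:
            # A HELO/EHLO was already accepted: reject outright, no SPF check.
            return 503, "HELO/EHLO already accepted"
        if self.state is First.PERM_REJECT:
            # No further attempts after a permanent security failure.
            return 550, "earlier HELO/EHLO failed a security check"
        if overloaded:
            self.state = First.TEMP_REJECT
            return 451, "server busy, try again"
        self.spf_calls += 1
        result = self.spf_check(client_ip, helo_name)
        if result == "fail":
            self.state = First.PERM_REJECT
            return 550, "SPF check of HELO identity failed"
        if result == "temperror":
            self.state = First.TEMP_REJECT
            return 451, "temporary SPF error"
        # Assumed local policy: every other SPF result is accepted.
        self.state = First.ACCEPTED
        return 250, "ok"

def replay(commands):
    """Feed (helo_name, overloaded) pairs to one connection; return reply codes."""
    policy = HeloPolicy()
    return [policy.on_helo("192.0.2.10", n, o)[0] for n, o in commands], policy.spf_calls
```

`replay` returns the reply codes together with the number of SPF lookups, which shows that a second HELO after an accepted or permanently rejected one never reaches the SPF check.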
