VeriSign SMTP reject server updated

Matt Larson mlarson at verisign.com
Sat Sep 20 18:01:39 UTC 2003


Folks,

One piece of feedback we received multiple times after the addition of
the wildcard A record to the .com/.net zones concerned snubby, our
SMTP mail rejection server.  This server was designed to be the most
modest of SMTP implementations and supported only the most common
sequence of SMTP commands.

In response to this feedback, we have deployed an alternate SMTP
implementation using Postfix that should address many of the concerns
we've heard.  Like snubby, this server rejects any mail sent to it (by
returning 550 in response to any number of RCPT TO commands).

We would like to state for the record that the only purpose of this
server is to reject mail immediately to avoid its remaining in MTA
queues throughout the Internet.  We are specifically not retaining,
nor do we have any intention to retain, any email addresses from these
SMTP transactions.  In fact, to achieve sufficient performance, all
logging has been disabled.

We are interested in feedback on the best way within the SMTP protocol
to definitively reject mail at these servers.  One alternate option we
are considering is rejecting the SMTP transaction by returning a 554
response code as described in Section 3.1 of RFC 2821.  Our concern is
if this response effectively causes most SMTP servers to bounce the
message, which is the desired reaction.  We are researching common
SMTP servers' handling of this response code; at least one popular
server appears to requeue mail after receiving 554.  Another option is
remaining with the more standard SMTP sequence (returning 250 in
response to HELO/EHLO), but then returning 550 in response to MAIL
FROM as well as RCPT TO.

I would welcome feedback on these options sent to me privately or the
list; I will summarize the former.

Matt
--
Matt Larson <mlarson at verisign.com>
VeriSign Naming and Directory Services
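
The three rejection sequences discussed in the message above, as an added example that is not part of the original post and not VeriSign's server code. Strategy names, host names, reply texts and the 250 reply to MAIL FROM in the current setup are assumptions; the sketch models only the server's replies, not how sending MTAs react to them.

```python
# Added illustration: constructed names and reply texts, not VeriSign's implementation.
GREET554, RCPT550, MAIL550 = "greet554", "rcpt550", "mail550"

# Constructed sample client dialogue (all addresses are placeholders).
CLIENT = ["EHLO mta.example", "MAIL FROM:<alice@example.org>",
          "RCPT TO:<bob@typo.example>", "RCPT TO:<carol@typo.example>", "QUIT"]

def verb_of(command):
    """Normalise a command line to its verb, e.g. 'MAIL FROM' or 'EHLO'."""
    words = command.strip().upper().replace(":", " ").split()
    if not words:
        return ""
    if words[0] in ("MAIL", "RCPT") and len(words) > 1:
        return words[0] + " " + words[1]
    return words[0]

def greeting(strategy):
    # RFC 2821 sec. 3.1: a 554 may be given instead of 220 on connect.
    return "554 No SMTP service here" if strategy == GREET554 else "220 reject.example ESMTP"

def reply(strategy, command):
    """Reply line for one client command under the chosen strategy."""
    verb = verb_of(command)
    if verb == "QUIT":
        return "221 Bye"
    if strategy == GREET554:
        # After a 554 greeting the server still waits for QUIT and
        # answers intervening commands with 503 (RFC 2821 sec. 3.1).
        return "503 Bad sequence of commands"
    if verb in ("HELO", "EHLO"):
        return "250 reject.example"
    if verb == "MAIL FROM":
        return "550 Mail not accepted" if strategy == MAIL550 else "250 Ok"
    if verb == "RCPT TO":
        return "550 User unknown"  # every recipient is refused
    return "503 Bad sequence of commands"

def session(strategy, commands):
    """Reply codes seen by the client, starting with the greeting."""
    return [int(greeting(strategy)[:3])] + [int(reply(strategy, c)[:3]) for c in commands]

def first_rejection(strategy, commands):
    """(step, code) at which the client first sees a 5yz permanent failure."""
    steps = ["(connect)"] + [verb_of(c) for c in commands]
    for step, code in zip(steps, session(strategy, commands)):
        if 500 <= code < 600:
            return step, code
    return None
```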


