VeriSign SMTP reject server updated
Jack Bates
jbates at brightok.net
Mon Sep 22 17:14:30 UTC 2003
Matt Larson wrote:
> In response to this feedback, we have deployed an alternate SMTP
> implementation using Postfix that should address many of the concerns
> we've heard. Like snubby, this server rejects any mail sent to it (by
> returning 550 in response to any number of RCPT TO commands).
>
Matt,

The problem is that some systems have a specially formatted response
message that they send to their users under certain conditions. For
example, commonly used Exchange servers will send User unknown for any
550 issued on a RCPT command, whereas they would inform the user that
the domain did not exist for nxdomain. I have heard that these messages
were also sent back in the proper language.

How will users of such systems know if it was a recipient issue or a
domain issue? Granted, part of this problem in the example is the SMTP
implementation (which any abuse desk will tell you that it is
aggravating to get a call about a "User unknown" message when a Security
Policy 550 5.7.1 was issued with comment).

Of course, mail is the least of concerns. There are millions of programs
written that check for NXDOMAIN. A lot of this software cannot readily
be changed to recognize the wildcard, requiring recursors to be patched;
which is almost as repulsive as the wildcard to begin with.

Here's just 2 commonly used applications, whose output has changed which
will break many expect scripts and then some.
$ ftp jkfsdkjlsfkljsf.com
ftp: connect: Connection refused
ftp> quit
$ ftp jklfskjlsfljks.microsoft.com
jklfskjlsfljks.microsoft.com: unknown host
ftp> quit
$ telnet jlkfsjklsfjklsfd.com
Trying 64.94.110.11...
^C$ telnet jksfljksfdljkfs.microsoft.com
jksfljksfdljkfs.microsoft.com: Unknown host
-Jack
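
Added example, not part of the original message: a sketch of the check a program that relied on NXDOMAIN would need in order to recognize a wildcard answer, by resolving random names under the same top-level zone and treating any address they all share as "does not exist". The stub resolver, its sample zones and records, and all function names are constructed for illustration; 64.94.110.11 is the address shown in the telnet output above.

```python
import secrets
import socket

WILDCARD = "64.94.110.11"            # address from the telnet output above
REGISTERED = ("microsoft.com", "example.com")    # constructed sample zones
RECORDS = {"www.example.com": {"192.0.2.10"}}    # constructed sample record

def stub_resolver(name):
    """Constructed stand-in for a recursor that sees a wildcard under .com."""
    if any(name == z or name.endswith("." + z) for z in REGISTERED):
        return RECORDS.get(name, set())          # empty set models NXDOMAIN
    return {WILDCARD} if name.endswith(".com") else set()

def system_resolver(name):
    """IPv4 addresses for name from the local resolver; empty set if none."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def wildcard_addresses(zone, resolve, probes=3):
    """Addresses returned for every random, should-not-exist name in zone."""
    common = None
    for _ in range(probes):
        addrs = resolve(f"{secrets.token_hex(16)}.{zone}")
        if not addrs:
            return set()                         # real NXDOMAIN: no wildcard
        common = addrs if common is None else common & addrs
    return common or set()

def exists(name, resolve=system_resolver):
    """True only if name resolves to something other than the wildcard."""
    addrs = resolve(name)
    if not addrs:
        return False
    zone = name.rstrip(".").rsplit(".", 1)[-1]   # top-level zone, e.g. "com"
    return not addrs <= wildcard_addresses(zone, resolve)

if __name__ == "__main__":
    for host in ("jkfsdkjlsfkljsf.com", "jklfskjlsfljks.microsoft.com",
                 "www.example.com"):
        print(host, exists(host, stub_resolver))
```

Every lookup now costs extra probe queries unless the wildcard set is cached per zone, which is part of why retrofitting this into existing software is not cheap.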