VeriSign SMTP reject server updated

Jack Bates jbates at brightok.net
Mon Sep 22 17:14:30 UTC 2003


Matt Larson wrote:

> In response to this feedback, we have deployed an alternate SMTP
> implementation using Postfix that should address many of the concerns
> we've heard.  Like snubby, this server rejects any mail sent to it (by
> returning 550 in response to any number of RCPT TO commands).
> 

Matt,

The problem is that some systems have a specially formatted response 
message that they send to their users under certain conditions. For 
example, commonly used Exchange servers will send User unknown for any 
550 issued on a RCPT command, whereas they would inform the user that 
the domain did not exist for nxdomain. I have heard that these messages 
were also sent back in the proper language.

How will users of such systems know if it was a recipient issue or a 
domain issue? Granted, part of this problem in the example is the SMTP 
implementation (which any abuse desk will tell you that it is 
aggravating to get a call about a "User unknown" message when a Security 
Policy 550 5.7.1 was issued with comment).

Of course, mail is the least of concerns. There are millions of programs 
written that check for NXDOMAIN. A lot of this software cannot readily 
be changed to recognize the wildcard, requiring recursors to be patched; 
which is almost as repulsive as the wildcard to begin with.

Here's just 2 commonly used applications, whose output has changed, which 
will break many expect scripts and then some.

$ ftp jkfsdkjlsfkljsf.com
ftp: connect: Connection refused
ftp> quit
$ ftp jklfskjlsfljks.microsoft.com
jklfskjlsfljks.microsoft.com: unknown host
ftp> quit
$ telnet jlkfsjklsfjklsfd.com
Trying 64.94.110.11...
^C$ telnet jksfljksfdljkfs.microsoft.com
jksfljksfdljkfs.microsoft.com: Unknown host



-Jack
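
An added example, not part of the original post: a sketch of what "recognizing the wildcard" means for a program that used to rely on NXDOMAIN. It resolves random labels under the parent zone and treats a name as nonexistent when all of its addresses are the ones those probes return. The function names and the constructed resolver are assumptions; only 64.94.110.11 comes from the telnet output above.

```python
import secrets
import socket

def system_resolve(name):
    """IPv4 addresses for name via the system resolver; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def wildcard_addresses(zone, resolve=system_resolve, probes=3):
    """Addresses returned for every random label under zone (empty if no wildcard)."""
    common = None
    for _ in range(probes):
        label = "wc-probe-" + secrets.token_hex(12)  # will not be a registered name
        addrs = set(resolve(f"{label}.{zone}"))
        if not addrs:
            return set()  # a probe failed to resolve, so the zone has no wildcard
        common = addrs if common is None else common & addrs
    return common or set()

def name_exists(name, resolve=system_resolve, probes=3):
    """True if name resolves to something other than its parent zone's wildcard.

    Caveat: a real host that deliberately shares the wildcard address, or any
    name under a zone that legitimately uses a wildcard, is reported as absent.
    """
    addrs = set(resolve(name))
    if not addrs:
        return False  # ordinary resolution failure, e.g. NXDOMAIN
    if "." not in name:
        return True
    parent = name.split(".", 1)[1]
    return not addrs <= wildcard_addresses(parent, resolve, probes)

def constructed_resolver(name):
    """Constructed data modelling the post: unregistered .com names get the wildcard."""
    registered = {"microsoft.com": {"192.0.2.10"}}  # constructed documentation address
    if name in registered:
        return registered[name]
    if name.endswith(".microsoft.com"):
        return set()  # no wildcard inside this zone: unknown host
    if name.endswith(".com"):
        return {"64.94.110.11"}  # address shown in the telnet output in the post
    return set()

if __name__ == "__main__":
    for n in ("jkfsdkjlsfkljsf.com", "jklfskjlsfljks.microsoft.com", "microsoft.com"):
        print(n, name_exists(n, constructed_resolver))
```
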



