
North American Network Operators Group
Re: VeriSign SMTP reject server updated
- From: Jack Bates
- Date: Mon Sep 22 13:19:23 2003
Matt Larson wrote:
> In response to this feedback, we have deployed an alternate SMTP
> implementation using Postfix that should address many of the concerns
> we've heard. Like snubby, this server rejects any mail sent to it (by
> returning 550 in response to any number of RCPT TO commands).

Matt,

The problem is that some systems have a specially formatted response
message that they send to their users under certain conditions. For
example, commonly used Exchange servers will send User unknown for any
550 issued on a RCPT command, whereas they would inform the user that
the domain did not exist for NXDOMAIN. I have heard that these messages
were also sent back in the proper language.

How will users of such systems know if it was a recipient issue or a
domain issue? Granted, part of this problem in the example is the SMTP
implementation (which any abuse desk will tell you that it is
aggravating to get a call about a "User unknown" message when a Security
Policy 550 5.7.1 was issued with comment).

Of course, mail is the least of concerns. There are millions of programs
written that check for NXDOMAIN. A lot of this software cannot readily
be changed to recognize the wildcard, requiring recursors to be patched,
which is almost as repulsive as the wildcard to begin with.

Here are just 2 commonly used applications whose output has changed, which
will break many expect scripts and then some.

$ ftp jkfsdkjlsfkljsf.com
ftp: connect: Connection refused
ftp> quit
$ ftp jklfskjlsfljks.microsoft.com
jklfskjlsfljks.microsoft.com: unknown host
ftp> quit
$ telnet jlkfsjklsfjklsfd.com
Trying 64.94.110.11...
^C$ telnet jksfljksfdljkfs.microsoft.com
jksfljksfdljkfs.microsoft.com: Unknown host
-Jack
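
An added example, not part of the original message: a sketch of how a program that relies on NXDOMAIN could recover an "exists / does not exist" answer when the parent zone is wildcarded, by probing random labels and treating their common answer as the wildcard. The function names, the `fake_resolver`, and the `example.com` / `192.0.2.10` entries are constructed for illustration; only `64.94.110.11` comes from the session above.

```python
import secrets
import socket

def system_resolver(name):
    """Return the set of IPv4 addresses for name; empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return set()

def wildcard_addresses(zone, resolve=system_resolver, probes=3):
    """Resolve random labels under zone. Addresses common to every probe are
    taken to be wildcard answers; an empty set means the zone returns NXDOMAIN."""
    common = None
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(12)}.{zone}")
        if not answer:
            return set()
        common = answer if common is None else common & answer
    return common or set()

def exists(name, resolve=system_resolver, probes=3):
    """True only if name resolves to something other than its parent zone's
    wildcard. Heuristic: a real host parked on the wildcard address reads as absent."""
    answer = resolve(name)
    if not answer:
        return False
    zone = name.rstrip(".").split(".", 1)[-1]  # parent zone, e.g. "com"
    return not answer <= wildcard_addresses(zone, resolve, probes)

# Constructed sample data: a fake resolver modelling the behaviour in the post,
# where every unregistered .com name answers with 64.94.110.11.
def fake_resolver(name):
    registered = {"example.com": {"192.0.2.10"}}
    name = name.rstrip(".").lower()
    if name in registered:
        return registered[name]
    if name.endswith(".microsoft.com"):
        return set()  # ordinary zone: unknown names get a real NXDOMAIN
    if name.endswith(".com"):
        return {"64.94.110.11"}
    return set()

if __name__ == "__main__":
    for host in ("example.com", "jkfsdkjlsfkljsf.com", "jklfskjlsfljks.microsoft.com"):
        print(host, "exists" if exists(host, fake_resolver) else "unknown host")
```

Each lookup costs several extra queries, so a real caller would cache the per-zone wildcard set rather than re-probing for every name.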