[62780] in North American Network Operators' Group
Re: VeriSign SMTP reject server updated
daemon@ATHENA.MIT.EDU (Jack Bates)
Mon Sep 22 13:17:27 2003
Date: Mon, 22 Sep 2003 12:14:30 -0500
From: Jack Bates <jbates@brightok.net>
To: Matt Larson <mlarson@verisign.com>
Cc: nanog@nanog.org
In-Reply-To: <20030920180139.GA21405@chinook.rgy.netsol.com>
Errors-To: owner-nanog-outgoing@merit.edu
Matt Larson wrote:
> In response to this feedback, we have deployed an alternate SMTP
> implementation using Postfix that should address many of the concerns
> we've heard. Like snubby, this server rejects any mail sent to it (by
> returning 550 in response to any number of RCPT TO commands).
>
Matt,

The problem is that some systems have a specially formatted response
message that they send to their users under certain conditions. For
example, commonly used Exchange servers will send User unknown for any
550 issued on a RCPT command, whereas they would inform the user that
the domain did not exist for nxdomain. I have heard that these messages
were also sent back in the proper language.

How will users of such systems know if it was a recipient issue or a
domain issue? Granted, part of this problem in the example is the SMTP
implementation (which any abuse desk will tell you that it is
aggravating to get a call about a "User unknown" message when a Security
Policy 550 5.7.1 was issued with comment).

Of course, mail is the least of concerns. There are millions of programs
written that check for NXDOMAIN. A lot of this software cannot readily
be changed to recognize the wildcard, requiring recursors to be patched,
which is almost as repulsive as the wildcard to begin with.

Here are just 2 commonly used applications whose output has changed, which
will break many expect scripts and then some.
$ ftp jkfsdkjlsfkljsf.com
ftp: connect: Connection refused
ftp> quit
$ ftp jklfskjlsfljks.microsoft.com
jklfskjlsfljks.microsoft.com: unknown host
ftp> quit
$ telnet jlkfsjklsfjklsfd.com
Trying 64.94.110.11...
^C$ telnet jksfljksfdljkfs.microsoft.com
jksfljksfdljkfs.microsoft.com: Unknown host
-Jack