[9942] in bugtraq
Re: Microsoft's SMTP service broken/stupid
daemon@ATHENA.MIT.EDU (Bob Beck)
Wed Mar 17 21:01:30 1999
Date: Wed, 17 Mar 1999 17:49:57 -0700
Reply-To: Bob Beck <beck@BOFH.UCS.UALBERTA.CA>
From: Bob Beck <beck@BOFH.UCS.UALBERTA.CA>
X-To: "David Lemson (Exchange)" <dlemson@EXCHANGE.MICROSOFT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: "David Lemson's message of Wed, 17 Mar 1999 14:58:43 -0800
"David Lemson (Exchange)" <dlemson@EXCHANGE.MICROSOFT.COM> writes:
> connecting to you over and over: it sounds like if they were to fix their
> inverse DNS entries, so you didn't give them a temporary error code, the
> mail would succeed. This is not to say that what the SMTP Service is doing
> is right, but there may be another way to solve this particular problem.
>
> Another solution, which you allude to, is for your server to issue a
> permanent (5xx) code to a problem that will not get corrected on its own
> (such as an invalid inverse DNS record).

You miss the point - this could simply be that their DNS is
down or unreachable in a timely manner so the lookup fails. When this
produces a nonexistent entry it actually *does* often correct itself
"on its own" once the DNS server is reachable again. Similarly the
invalid entry may in fact be corrected before the usual timeout and
allow the mail to proceed. That's the whole point of returning 4XX.

The only way your "solution" is a solution is to return 5XX
errors for *ALL* situations that currently return a 4XX, otherwise we
risk being DOS'ed by a poorly written server that doesn't treat SMTP
errors right. And this isn't a solution - You lose mail that you
shouldn't. So now I should lose mail on a transient DNS failure
because Microsoft distributes code that doesn't play SMTP nicely? I
don't think so.

The only solution is to fix the buggy code, and/or block access
from sites running buggy code.

-Bob
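
The 4xx/5xx distinction argued over in this message, as an added example that is not part of the original post: a sender-side queue simulation showing a transient DNS failure ending in delivery when 4xx is retried after a delay, the same mail bouncing when the receiver answers 5xx, and the connection count when a sender reconnects every second. The function names, the 451/550 codes chosen, the two-hour outage and the retry intervals are assumptions for illustration.

```python
RETRY_INTERVAL = 30 * 60       # assumed wait between attempts, in seconds
GIVE_UP_AFTER = 5 * 24 * 3600  # assumed queue lifetime before giving up


def classify(reply_code):
    """Map an SMTP reply code to the action a sending MTA should take."""
    if 200 <= reply_code < 300:
        return "delivered"
    if 400 <= reply_code < 500:
        return "retry"   # transient: keep the message queued and wait
    if 500 <= reply_code < 600:
        return "bounce"  # permanent: return to sender, never retry
    raise ValueError(f"unexpected SMTP reply code {reply_code}")


def deliver(replies, retry_interval=RETRY_INTERVAL, give_up_after=GIVE_UP_AFTER):
    """Simulate one queued message; `replies` maps time (s) to a reply code.

    Returns (outcome, list of connection times).
    """
    if retry_interval <= 0:
        raise ValueError("a retry interval of zero never lets the fault clear")
    now, attempts = 0, []
    while True:
        attempts.append(now)
        action = classify(replies(now))
        if action != "retry":
            return action, attempts
        now += retry_interval
        if now > give_up_after:
            return "expired", attempts


def dns_outage(now, outage_ends=2 * 3600):
    """Constructed receiver: 451 while the reverse lookup fails, then 250."""
    return 451 if now < outage_ends else 250


def dns_outage_as_permanent(now):
    """Constructed receiver that answers the same failure with 550."""
    return 550


if __name__ == "__main__":
    for label, args in [("4xx, 30 min retry", (dns_outage,)),
                        ("4xx, 1 s retry", (dns_outage, 1)),
                        ("5xx", (dns_outage_as_permanent,))]:
        outcome, attempts = deliver(*args)
        print(f"{label}: {outcome} after {len(attempts)} connection(s)")
```
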