North American Network Operators Group


Re: VeriSign SMTP reject server updated

  • From: Jack Bates
  • Date: Mon Sep 22 13:19:23 2003

Matt Larson wrote:

> In response to this feedback, we have deployed an alternate SMTP
> implementation using Postfix that should address many of the concerns
> we've heard.  Like snubby, this server rejects any mail sent to it (by
> returning 550 in response to any number of RCPT TO commands).

Matt,

The problem is that some systems have a specially formatted response message that they send to their users under certain conditions. For example, commonly used Exchange servers will send User unknown for any 550 issued on a RCPT command, whereas they would inform the user that the domain did not exist for NXDOMAIN. I have heard that these messages were also sent back in the proper language.

How will users of such systems know if it was a recipient issue or a domain issue? Granted, part of this problem in the example is the SMTP implementation (any abuse desk will tell you that it is aggravating to get a call about a "User unknown" message when a Security Policy 550 5.7.1 was issued with comment).

Of course, mail is the least of concerns. There are millions of programs written that check for NXDOMAIN. A lot of this software cannot readily be changed to recognize the wildcard, requiring recursors to be patched, which is almost as repulsive as the wildcard to begin with.

Here are just 2 commonly used applications whose output has changed, which will break many expect scripts and then some.

$ ftp jkfsdkjlsfkljsf.com
ftp: connect: Connection refused
ftp> quit
$ ftp jklfskjlsfljks.microsoft.com
jklfskjlsfljks.microsoft.com: unknown host
ftp> quit
$ telnet jlkfsjklsfjklsfd.com
Trying 64.94.110.11...
^C$ telnet jksfljksfdljkfs.microsoft.com
jksfljksfdljkfs.microsoft.com: Unknown host



-Jack
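
An added example, not part of the original message: a sketch of the check an NXDOMAIN-dependent program would need once a TLD wildcard exists. It probes random labels under the TLD to learn the wildcard answer, then reports names that resolve only to that answer as nonexistent. The resolver stub, zone data and function names are constructed for illustration; 64.94.110.11 is the address from the telnet output above.

```python
import secrets

class NXDomain(Exception):
    """Raised when a name does not exist."""

def make_resolver(zone, tld_wildcards):
    # Constructed stand-in for a recursive resolver (hypothetical helper).
    # zone: existing names -> A records; tld_wildcards: TLD -> wildcard address.
    def resolve(name):
        name = name.lower().rstrip(".")
        if name in zone:
            return list(zone[name])
        # Names below a delegated domain get that domain's own NXDOMAIN.
        if any(name.endswith("." + owner) for owner in zone):
            raise NXDomain(name)
        tld = name.rsplit(".", 1)[-1]
        if tld in tld_wildcards:
            return [tld_wildcards[tld]]
        raise NXDomain(name)
    return resolve

def wildcard_addresses(resolve, tld, probes=3):
    # Ask for several random labels directly under the TLD. If all of them
    # resolve, the addresses they share are the wildcard's answer.
    common = None
    for _ in range(probes):
        try:
            addrs = set(resolve(f"{secrets.token_hex(12)}.{tld}"))
        except NXDomain:
            return set()          # TLD still answers NXDOMAIN: no wildcard
        common = addrs if common is None else common & addrs
    return common or set()

def lookup(resolve, name, cache):
    # Resolve name, but report NXDOMAIN when the answer is only the wildcard.
    tld = name.lower().rstrip(".").rsplit(".", 1)[-1]
    if tld not in cache:
        cache[tld] = wildcard_addresses(resolve, tld)
    addrs = resolve(name)         # a genuine NXDOMAIN propagates unchanged
    if cache[tld] and set(addrs) <= cache[tld]:
        raise NXDomain(name)
    return addrs

def exists(resolve, name, cache):
    try:
        lookup(resolve, name, cache)
        return True
    except NXDomain:
        return False
```

A host that genuinely lives at the wildcard address would also be reported as nonexistent by this check, which is one reason the workaround is a per-application burden and not a drop-in fix.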