Why mail systems should not defer rejections to RCPT TO time

October 20, 2007

There is a movement for the default configurations of things like exim to defer sender verification to RCPT TO time; instead of reporting an error or a defer after the MAIL FROM, all MAIL FROMs are accepted and only later does the message start getting errors. I have recently come to a realization about why this is wrong, and I even have an example.

The problem is that when you give a 4xx (or 5xx) error to an RCPT TO, it makes the sending mailer think that there is a problem with that RCPT TO address, not with the MAIL FROM address. The sending mailer may then sensibly defer all email to that recipient, because after all you told it that there was a problem with that address. (The actual text of your 4xx error may explain the situation, but mailers don't yet read English error messages.)

We have actually seen this happen with email from our central campus mail system for someone who was forwarding their email to our system. Some spam domain fell out of the DNS between the central mail system accepting it and it coming to us, we started giving temporary defers at RCPT TO time, and all mail for this person backed up.
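To make the difference concrete, here is an added example (not code from the original post or from any particular mailer) that simulates both sides of the SMTP envelope exchange under the two policies: reporting a sender-verification failure at MAIL FROM, or accepting MAIL FROM and repeating the failure at every RCPT TO. The sending side attributes a 4xx reply only by the command it answered, since real mailers do not parse the reply text. All addresses, domains and the "resolvable domains" set are constructed sample data, and the per-recipient retry-state model at the end is a simplification of how a sending mailer can end up holding all mail for one recipient.

```python
"""Added example: why a deferred sender-verification failure looks like a recipient problem.

Simulates the SMTP envelope phase (MAIL FROM / RCPT TO) of a receiving mailer under
two policies, then shows how an RFC-conformant sending mailer interprets the replies.
Constructed data throughout; no network access.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed: the only sender domain our pretend DNS can still resolve.
RESOLVABLE_DOMAINS = {"example.org"}


@dataclass(frozen=True)
class Reply:
    command: str  # the SMTP command this reply answers: "MAIL FROM" or "RCPT TO"
    code: int     # 250 = accepted, 450 = temporary failure ("try again later")
    text: str


def sender_verifies(mail_from: str) -> bool:
    """Stand-in for sender verification: does the envelope sender's domain resolve?"""
    return mail_from.rpartition("@")[2] in RESOLVABLE_DOMAINS


def receiving_mta(mail_from: str, rcpt_tos: list[str], defer_to_rcpt: bool) -> list[Reply]:
    """Receiving side of the envelope exchange.

    defer_to_rcpt=False: a verification failure is reported on MAIL FROM itself.
    defer_to_rcpt=True:  MAIL FROM is always accepted and the same failure is
                         returned on every RCPT TO (the behaviour the post argues against).
    """
    ok = sender_verifies(mail_from)
    problem = f"sender verification for <{mail_from}> deferred"
    if not ok and not defer_to_rcpt:
        # A failed MAIL FROM ends the envelope; the client never sends RCPT TO.
        return [Reply("MAIL FROM", 450, problem)]
    replies = [Reply("MAIL FROM", 250, "OK")]
    for _ in rcpt_tos:
        replies.append(Reply("RCPT TO", 250, "Accepted") if ok else Reply("RCPT TO", 450, problem))
    return replies


def sending_mta(replies: list[Reply], rcpt_tos: list[str]) -> dict:
    """Sending side: attribute each 4xx by the command it answered, never by its text.

    4xx to MAIL FROM -> "this sender has a problem": the whole message is deferred.
    4xx to RCPT TO   -> "this recipient has a problem": that recipient is deferred.
    """
    result = {"sender_deferred": False, "deferred_recipients": [], "accepted_recipients": []}
    rcpt_iter = iter(rcpt_tos)  # RCPT TO replies arrive in the order the recipients were sent
    for reply in replies:
        temp_fail = 400 <= reply.code < 500
        if reply.command == "MAIL FROM":
            result["sender_deferred"] = temp_fail
        elif reply.command == "RCPT TO":
            rcpt = next(rcpt_iter)
            result["deferred_recipients" if temp_fail else "accepted_recipients"].append(rcpt)
    return result


def deliver(mail_from: str, rcpt_tos: list[str], defer_to_rcpt: bool) -> dict:
    """Run one envelope exchange end to end and return the sender's interpretation."""
    return sending_mta(receiving_mta(mail_from, rcpt_tos, defer_to_rcpt), rcpt_tos)


def held_by_recipient_retry_state(deferred_recipients: set[str], queue: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Simplified model (an assumption, not any specific mailer's code): a sending mailer
    that keeps per-recipient retry state holds every queued (sender, recipient) message
    whose recipient was last reported as temporarily failing, regardless of sender."""
    return [(s, r) for s, r in queue if r in deferred_recipients]


if __name__ == "__main__":
    spam = "spammer@gone.invalid"       # constructed: domain fell out of DNS after the relay accepted it
    user = "forwarded-user@example.net"  # constructed: the person whose mail is forwarded to us
    print("reported at MAIL FROM:", deliver(spam, [user], defer_to_rcpt=False))
    print("deferred to RCPT TO:  ", deliver(spam, [user], defer_to_rcpt=True))
    # Other, perfectly good mail for the same recipient is now stuck behind the 4xx.
    queue = [("alice@example.org", user), (spam, user), ("alice@example.org", "other@example.net")]
    print("held:", held_by_recipient_retry_state({user}, queue))
```

Running it shows the asymmetry: with the failure reported at MAIL FROM the sender sees `sender_deferred=True` and no recipient is blamed, while with the failure deferred to RCPT TO the sender sees `sender_deferred=False` and the forwarded user's address lands in `deferred_recipients`, which is exactly what a relay needs to start holding that person's unrelated mail.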

I believe that this is done because people feel that some mailers do not react well to MAIL FROM errors (and I've occasionally seen evidence of that in our logs). However, I feel that the cure is worse than the disease, and such bad mailers are clearly violating the specification to start with; coddling spec-violating mailers while causing problems for mailers that are following the spec does not seem like a good tradeoff to me.

(Besides, we ran our system with sender verification problems reported at MAIL FROM time for years without getting any complaints or problem reports, so we have empirical evidence that it works fine.)

Theoretically this also allows you to accept mail for postmaster whether or not the sender address actually exists. Personally I do not believe that this is actually a feature, especially since it has been years since we got any legitimate outside email to postmaster; what we do get has been spam.
