Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN
Alexey Melnikov <alexey.melnikov@isode.com> Tue, 28 December 2010 22:20 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A98ED3A695B; Tue, 28 Dec 2010 14:20:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KbkoR3uOz-G1; Tue, 28 Dec 2010 14:20:06 -0800 (PST)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id ECE4F3A68E8; Tue, 28 Dec 2010 14:20:05 -0800 (PST)
Received: from [188.28.189.65] (188.28.189.65.threembb.co.uk [188.28.189.65]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <TRpjAQB0Kyt8@rufus.isode.com>; Tue, 28 Dec 2010 22:22:06 +0000
Message-ID: <4D1A4414.5060103@isode.com>
Date: Tue, 28 Dec 2010 20:09:56 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: Ned Freed <ned.freed@mrochek.com>
References: <Pine.OSX.4.64.1012221602490.40683@mac-allocchio3.elettra.trieste.it> <01NVQAP0UQRU007CHU@mauve.mrochek.com> <227C2506194609988B81BE4F@PST.JCK.COM> <01NVVQNSWU7U007CHU@mauve.mrochek.com>
In-Reply-To: <01NVVQNSWU7U007CHU@mauve.mrochek.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Ned Freed <NED+eai@mauve.mrochek.com>, apps-discuss@ietf.org, John C Klensin <klensin@jck.com>, ima@ietf.org, draft-ietf-eai-rfc5336bis@tools.ietf.org
Subject: Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Dec 2010 22:20:07 -0000
[With my MTA server developer hat on, not speaking as an AD] Ned Freed wrote: >>In addition, one must have a session for which mail transactions >>are permitted (i.e., EHLO must have been sent) in order to use >>any parameters at all. >> >> > >You certainly need to send an EHLO and process the result to find out what >extensions are allowed - guessing what combination of extensions will work most >certainly is not a sound operational policy. And implementations are certainly >free to only offer the extensions that have been returned in an EHLO repsonse. > >That said, I don't see an actual requirement in section 2.2 stating that EHLO >must be issued before any parameters can be used. (Maybe it's somewhere else, >but a cursory search didn't find it.) Our MTA certainly doesn't enforce this >and AFAIK neither does sendmail, PostFix, Apache James, or qmail. > Isode M-Switch doesn't enforce this either. >(Exim, OTOH, appears to.) > > >>RFC 5321, Section 4.1.4, explicitly >>permits sending VRFY or EXPN without first having EHLO in the >>session. So there is another implicit requirement in all of >>this that should almost certainly be made explicit. >> >> >There certainly should be a note saying that you need to issue an EHLO >and check the response before attaching any parameters to VRFY/EXPN. I don't >think a requirement that parameters not be accepted before an EHLO >has been issued is needed. > > +1. Maybe the client has cached EHLO response from a previous connection. >>(I think >>this is the topic about handshaking that Dave and Shawn have >>been circling around, but I'm not sure). >> >> >It's part of it, I think. > > >>>However, this brings up >>>another issue, which is that a server that supports this >>>extension needs a way to tell a client that doesn't that >>>it cannot return a proper response to VRFY/EXPN without >>>that parameter being specified. A new SMTP error status is >>>needed, but the document only defines an extended status >>>for this purpose; it doesn't specify a regular status code to >>>use. >>> >>> >>If we go down this path, the WG clearly needs to reexamine >>whether such a code is necessary. I think you have made a >>persuasive case, but I can't speak for the WG. >> >> >*It doesn't have to be a new code. OTOH, it needs to be a code that EXPN/VRFY >don't return for other purposes, and I think if you look at the list of >available codes a new code is needed. >* > >>Indeed, this has all gotten sufficiently complex that I think >>perhaps the WG should reexamine its decision to handle the "VRFY >>and EXPN with possible non-ASCII responses" situation by >>parameterizing those commands rather than introducing new >>commands, say VRF8 and EXP8. IIR, the WG did consider that >>alternative (long ago) and conclude that adding a parameter was >>the more straightforward option. But, perhaps, given the >>various complexities that have emerged, that was not the right >>decision. >> >> >I considered suggesting new commands, but given the need to specify >syntax for the new commands I don't see this as any simplier >specification-wise. In terms of implementation, a new command is actually >a somewhat more complex - the code changes are less localized, and I suspect >other implementations will be comparable in this regard. > > +1. >But the minute you need some other variant on EXPN and VRFY, the alternate >command appraoch becomes the far more complex way to do it. Now, we haven't had >a specification come along that needed additional EXPN/VRFY parameters before >this one, but these things have a way of showing up once you open the door and >get people thinking about them. So I'm strongly inclined to stick with the >parameter approach. > > +1.
- [apps-discuss] Analysis of comments on 5336bis (w… John C Klensin
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN Alexey Melnikov
- [apps-discuss] apps-team review of draft-ietf-eai… Claudio Allocchio
- Re: [apps-discuss] [EAI] apps-team review of draf… Ned Freed
- Re: [apps-discuss] [EAI] apps-team review of draf… Ned Freed
- [apps-discuss] RFC5336 and VRFY/EXPN (was: Re: [E… John C Klensin
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Ned Freed
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Al Costanzo
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Ned Freed
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… John C Klensin