IETF Logo Mail Archive

Re: [Emailcore] Ticket #5: G.5. Remove or deprecate the work-around from code 552 to 452?

John C Klensin <john-ietf@jck.com> Thu, 11 March 2021 21:19 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: emailcore@ietfa.amsl.com
Delivered-To: emailcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 433EE3A0C5D; Thu, 11 Mar 2021 13:19:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eoxbds6u8BAX; Thu, 11 Mar 2021 13:19:04 -0800 (PST)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71BBF3A0C59; Thu, 11 Mar 2021 13:19:01 -0800 (PST)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1lKShw-00047H-4b; Thu, 11 Mar 2021 16:19:00 -0500
Date: Thu, 11 Mar 2021 16:18:54 -0500
From: John C Klensin <john-ietf@jck.com>
To: Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>, emailcore@ietf.org
Message-ID: <9A7BDB22F3A0396EF24BF91D@PSB>
In-Reply-To: <CAHej_8=deJU1CW2AzDBu5ji3Uir+_zF6Gp59Z-hHRmRipz8Osw@mail.gmail.com>
References: <ca851fda-63ac-8739-c3eb-bde725aa25f3@isode.com> <c188413b-9337-40d8-8062-9c0f58f6cd98@www.fastmail.com> <CAHej_8kHwEOmq5bf49=Tt6ZEVkuidMhy5s4XPu7JC+k22qraZg@mail.gmail.com> <CAHej_8ma-kDkVh3Oj11R5Fn6BbwJsWfFpx0Zqv61fPL35CJNUA@mail.gmail.c om> <0F2370D0-D04C-45A1-A5A1-8FF1F174FFE5@dukhovni.org> <CAHej_8=deJU1CW2AzDBu5ji3Uir+_zF6Gp59Z-hHRmRipz8Osw@mail.gmail.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/emailcore/yIMQNMWs0XD-090sngMGdEefqUE>
Subject: Re: [Emailcore] Ticket #5: G.5. Remove or deprecate the work-around from code 552 to 452?
X-BeenThere: emailcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EMAILCORE proposed working group list <emailcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emailcore>, <mailto:emailcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emailcore/>
List-Post: <mailto:emailcore@ietf.org>
List-Help: <mailto:emailcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emailcore>, <mailto:emailcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Mar 2021 21:19:06 -0000


--On Thursday, March 11, 2021 11:52 -0500 Todd Herr
<todd.herr=40valimail.com@dmarc.ietf.org> wrote:

>...
>> All that said, the RFC text in question is bogus, no client I
>> know of honours it.

> I believe that's where we landed during the discussion on
> Wednesday.

What I had not done on Wednesday, or recently enough before
then, was to carefully read the entirety of Section 4.5.3.1.10,
which explicitly calls for the behavior someone, I think you,
mentioned in a previous message, i.e., server accepts recipients
up to the limit, then generates a 452 for each succeeding RCPT
command.  Client then continues processing with the recipients
up to that point, sends the message, and then requeues the
message for additional recipients.  And the client is expected
to treat a 552 in response to RCPT as if it were a 452.  Nothing
there prohibits the client from sending messages to the
recipient addresses who got the 452 (or 552) one at a time or
even treating the very first 452 (or 552) as an indication that
it should send QUIT or RSET and start sending the message in one
recipient at a time mail transactions.  It also provides for the
server to indicate to the client that it is just not willing to
accept mail transactions with a number of recipients larger than
it wants to accept with a 503 response after DATA.

Up to that point, I think the text is consistent with what we
have been told about current practice, including treating a 552
response code as if it were temporary.  Referring back to
Wednesday's discussion and slide (I believe Slide 6), the
sentence highlighted is entirely consistent with current
practice and probably needed to keep that practice valid.  If it
is in need to changing, it would be to change the SHOULD to a
MUST since that appears to be what everyone is doing anyway.  I
personally think that would be a bad idea because we have no way
of knowing about all possible cases and that change probably
wouldn't accomplish anything anyway. 

That suggests that, if changes are needed, there are probably
three of them, the first two in the third paragraph of that
section ("If an SMTP server has..."), not in the first one:

(1) As I have suggested elsewhere, more explanatory
cross-references in this over-complicated document would be a
good idea.  So:

OLD:
	If an SMTP server has an implementation limit on the
	number of RCPT commands and this limit is exhausted,

NEW/PROPOSED:
	If an SMTP server has an implementation limit on the
	number of RCPT commands and this limit is exhausted (See
	Section 7.8),

Comment:
Section 7.8 ("Resistance to Attacks"), which explicitly mentions
large numbers of recipients, is not quite right for this.  More
generally, we've talked informally about flexibility for
"operational necessity" for years (I even used that phrase in
G.1) but it does not appear elsewhere in the document.  I think
it would be helpful to clarity to re-title 7.8 to "Resistance to
Attacks and Local Operational Requirements" (or something
similar) and probably to add a sentence or two there that would
indicate that attack resistance is not the only issue that might
justify local restrictions.  If people agree, text welcome.

Alexey, I have tentatively added the above as G.15.  Unless no
one agrees that the above is at least worth further discussion,
please make a ticket.

(2) That paragraph also says that the server MUST use a 452
response code in the "too many recipients" case.  I think we
should be reluctant to remove the recommendation.  Especially
given the "look at first digit only" rule, 452 is clearly better
than 552.  However, if people are uncomfortable with a MUST that
is generally violated, I recommend a SHOULD with an additional
sentence that indicates that many implementations do not follow
that recommendation.  The only justification I can think of for
removing the recommendation entirely would be if harm was
generally caused if 452 were returned.  Given the "examine first
digit" rule. it is hard to imagine such harm except in
implementations that are seriously broken.

(3) Unless we are going to overhaul things in ways radically
different from the above and unless anyone has serious
objections (and raises them soon) I intend to patch Section 4 to
better indicate the role of "too many recipients" codes in the
scheme of things.

   john

v2.23.0 | Report a Bug | By Email