Re: [ietf-smtp] parsing SMTP replies (was: Proposed ESMTP keyword RCPTLIMIT}

John C Klensin <> Thu, 18 March 2021 06:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BA09C3A2082 for <>; Wed, 17 Mar 2021 23:05:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 81YeRTdQz5Te for <>; Wed, 17 Mar 2021 23:05:13 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 471453A207F for <>; Wed, 17 Mar 2021 23:05:13 -0700 (PDT)
Received: from [] (helo=PSB) by with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <>) id 1lMlmR-000KS9-H4; Thu, 18 Mar 2021 02:05:11 -0400
Date: Thu, 18 Mar 2021 02:05:06 -0400
From: John C Klensin <>
To: Sam Varshavchik <>,
Message-ID: <82889FA991FFFE7568C71932@PSB>
In-Reply-To: <>
References: <CF0247A810AF9482CBB155E8@PSB> <> <> <> <> <4EC92B6CFDD4220E0F692CF0@PSB> <>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
Archived-At: <>
Subject: Re: [ietf-smtp] parsing SMTP replies (was: Proposed ESMTP keyword RCPTLIMIT}
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 18 Mar 2021 06:05:15 -0000

--On Wednesday, March 17, 2021 21:37 -0400 Sam Varshavchik
<> wrote:

> John C Klensin writes:
>> Personally and wearing no hats, I like the idea of a new
>> "LIMITS" extension and EHLO keyword.   However, I think we
>> could
> This reminded me of something that I wanted to mention. In
> whichever form the eventual specification of recipient limits
> takes place: I believe that the specification should set a
> minimum recipient limit. In other words: the minimum number of
> recipients that can be advertised.
> I believe that the generally good track record of historical
> interoperability of SMTP implementations goes back to what's
> in section 4.5.3 of RFC 821, that gives the minimal limits of
> various things, like line lengths. And, incidentally, the
> minimum number of recipients that an SMTP server should accept
> is 100 recipients.
> I don't remember if this was discussed, but this should be
> called out in any eventual recipient limit specification: the
> minimum value is 100, as per 2821 and 821.


In principle, I agree with you.  There are two practical
problems and I don't know quite what to do about either.   

First, given the handwaving that I've called "operational
necessity" (and there will be more about the need to address
that in draft-ietf-emailcore-rfc5321bis-03) 5321 already allows
implementations and operators to pick a smaller number.  So,
strictly speaking, if a server returns 250 replies to the first
dozen recipients and then returns 452 for every RCPT command it
gets until the client either sends DATA (or equivalent) or gives
up (presumably with QUIT or RSET), it is conformant to 5321 even
if you, I, and (I hope) many others have to hold our noses while
saying that.  

In part because of that and given comments from others on this
and the emailcore list, if the specification for RCPTLIMIT says
"you MUST NOT provide a number smaller than 100", I'd expect an
implementation or configuration that intends to impose a smaller
limit would either just not advertise the parameter (or LIMITS
itself) or would ignore that requirement and put in a number it
considers appropriate.  Those are "lose either way" options, at
least AFAICT.

Again, I agree about the interoperability aspects of this.  If
nothing else and regardless of what we call it, I think we are
headed down the path in which practical interoperability
depends, not on the standard(s) but on implementations and
configurations selecting compatible profiles of features and
options -- precisely what many people associated with the
ARPANET and early Internet were complaining about in various ITU
protocols when 821 was new and explaining as one of the
important reasons why X.400 was failing or had failed already a
decade later.  Awareness of that problem was at least one of the
reasons for the 1425/5321 text I cited earlier.  But I don't
think the LIMITS extension makes things worse, only more
explicit, and I have no idea how to turn back the tide.