IETF Logo Mail Archive

Re: [taugh.com-standards] Re: Gen-ART and OPS-Dir review of draft-ietf-appsawg-nullmx-06

ned+ietf@mauve.mrochek.com Thu, 04 September 2014 18:00 UTC

Return-Path: <ned+ietf@mauve.mrochek.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F360C1A0183 for <ietf@ietfa.amsl.com>; Thu, 4 Sep 2014 11:00:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.57
X-Spam-Level:
X-Spam-Status: No, score=-2.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id urFd4vU_K2jI for <ietf@ietfa.amsl.com>; Thu, 4 Sep 2014 11:00:07 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.159.242.17]) by ietfa.amsl.com (Postfix) with ESMTP id C4EED1A0179 for <ietf@ietf.org>; Thu, 4 Sep 2014 11:00:02 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01PC6LRD7AMO002UD8@mauve.mrochek.com> for ietf@ietf.org; Thu, 4 Sep 2014 10:55:05 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: TEXT/PLAIN; CHARSET="us-ascii"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01PC6KHUDFZ4002WQY@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for ietf@ietf.org; Thu, 04 Sep 2014 10:54:59 -0700 (PDT)
From: ned+ietf@mauve.mrochek.com
Message-id: <01PC6LRBWYMY002WQY@mauve.mrochek.com>
Date: Thu, 04 Sep 2014 10:20:29 -0700
Subject: Re: [taugh.com-standards] Re: Gen-ART and OPS-Dir review of draft-ietf-appsawg-nullmx-06
In-reply-to: "Your message dated Thu, 04 Sep 2014 16:46:39 +0000" <20140904164639.GB14392@mournblade.imrryr.org>
References: <3hpmKd3LBYzbcfr@spike.porcupine.org> <alpine.BSF.2.11.1409041232500.23605@joyce.lan> <20140904164639.GB14392@mournblade.imrryr.org>
To: Viktor Dukhovni <ietf-dane@dukhovni.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/SJg6aZoCeZcycwueJyp5IDjM7tU
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Sep 2014 18:00:21 -0000

> On Thu, Sep 04, 2014 at 12:37:50PM -0400, John R Levine wrote:

> > If you get 521 as a server greeting it means "I'm not a mail server."  If
> > you get 521 as a response to RCPT TO it means "That's not a mail domain."

> This overloading is unfortunate.  It creates an implementation
> challenge on the server side, because at least with Postfix, 421/521
> responses can originate in milters, policy services, and access
> tables.

As they can in our MTA. I fail to see the relevance.

>  In such cases the server interprets this as a "please drop
> this client now" signal.

Huh? Since when does the client send SMTP status codes to the server?

> Since nullmx recipient policy might well be implemented in miters
> and the like, Postfix has no way to distinguish between this new
> proposed code (which seems to not be a "drop" signal) and all
> previous uses which are.

If that's really true, then Postfix needs work independent of this issue. It
has always been the case that statuses returned in response to RCPT TO are
recipient-specific, and thus have very different semantics from statuses
returned by MAIL FROM, DATA, BDAT, BURL, the final dot, etc., which apply to
the message as a whole.

And these statuses are in turn distinct from session-level stuff like STARTTLS
and AUTH.

When you get right down to it, SMTP isn't all that simple.

> Postfix also supports "soft_bounce", which downgrades all 5XX
> replies to the corresponding 4XX replies.

The structure of extended status codes guarantees that a 5.x.y shares semantics
with a 4.x.y. But this is not true for regular status codes, because the third
digits of those codes were assigned essentially on a  first-come-first serve
basis. So you have things like 500, 501, 502, 503, 504, and 553 that don't have
a corresponding 4yz code, 551 and 451 have very different  semantics, and the
proper downgrade code for 554 really needs to be 451.

Given this, I'd have to say that once again it's the implementation, not
the proposal, that needs work.

>  However 421 after RCPT
> TO does not carry a "That's not a mail domain, but try again later"
> meaning.

It doesn't carry that meaning anywhere. But again, just because someone
assumed, wrongly, that there's general equivalency between 5yz and 4yz and
added an option in support of that incorrect assumption, doesn't mean we should
cater to it.

> The choice of 521 here seems rather unfortunate, and based on an
> error the experimental RFC 1846.  Please consider 550 or similar.

That's part of the problem: None of the existing codes that can be returned in
response to RCPT TO are right for the job. 550 is a mailbox access error, 552
is a storage allocation error, 553 is an invalid mailbox error, and 555 is a
parameter problem. Out of all these 553 is probably the closest, but it is
still not quite right.

				Ned

v2.23.0 | Report a Bug | By Email