Re: [taugh.com-standards] Re: Gen-ART and OPS-Dir review of draft-ietf-appsawg-nullmx-06

[Viktor Dukhovni <ietf-dane@dukhovni.org>]

On Tue, Sep 02, 2014 at 02:30:57PM -0400, John R Levine wrote:

> >Sadly, though it is very late in the process, I failed to notice
> >this originally, and must belatedly report a significant issue
> >noted by Wietse Venema.  The response code for rejecting a recipient
> >with a nullmx domain and a sender with a nullmx domain are reversed
> >in the draft.
> >
> >Since 521 like 221 and 421 leads to connection drop after the reply,
> 
> Only when it's the SMTP greeting.  In this case it's not.  That suggests
> that JCK's suggestion to have a new RFC to replace 1846 is a good one, since
> it could mention this other fairly obvious use case.

Looking at 1846, it gives a server responding with 521 the choice
of either then dropping the connection or else a mandate to reject
all further commands with 521.  This is wrong, with multi-recipient
mail when only some of the recipients are in the problem domain.

The Postfix SMTP server, drops the connection when its response
code is 521.  So 521 is definitely problematic in the "RCPT TO:"
case.

> >it is only appropriate when the entire envelope will be rejected.
> >Thus 521 goes with rejection of a nullmx sender domain and 550
> >with a particular nullmx recipient.
> 
> No, 550 to reject the MAIL FROM is correct.  See RFC 5321, sec 3.3.  It's a
> policy rejection.

I'm not religious on 521 for "MAIL FROM:".  550 is fine too.

This is a bug report about the "RCPT TO:" 521 code, I thought
perhaps they were switched accidentally.

-- 
	Viktor.