Re: Spamd default behaviour of accepting everything

[Chad M Stewart]

On May 24, 2007, at 8:35 AM, Henning Brauer wrote:

* Bob Beck <[EMAIL PROTECTED]> [2007-05-24 08:22]:
rfc 2821 specifically forbids this behaviour.
<quote>
The DATA command can fail at only two points in the protocol  
exchange:

   -  If there was no MAIL, or no RCPT, command, or all such  
commands
      were rejected, the server MAY return a "command out of  
sequence"
      (503) or "no valid recipients" (554) reply in response to  
the DATA
      command.  If one of those replies (or any other 5yz reply) is
      received, the client MUST NOT send the message data; more
      generally, message data MUST NOT be sent unless a 354 reply is
      received.

   -  If the verb is initially accepted and the 354 reply issued,  
the
      DATA command should fail only if the mail transaction was
      incomplete (for example, no recipients), or if resources were
      unavailable (including, of course, the server unexpectedly
      becoming unavailable), or if the server determines that the
      message should be rejected for policy or other reasons.

and that paragraph says right there, the server can decide it doesn't
have the resources to deal with it. no problem.  The RFC does not
forbid it

yes, but not in response to the DATA command (what I was talking  
about)
but after.

I agree with you Henning that per that paragraph a 4xy should not be  
sent as a reply to the data command itself.  Instead a 4xy should  
only be sent after a 354 has been sent and all the data received.   
Which of course would undermine a lot of the benefit of spamd.  I  
think one of the points is to reject the mail before the data is sent  
down the pipe, allowing the data wastes the receivers bandwidth.

I went looking in other places within these two RFCs for indications  
that a 4xy is legal in response to the DATA command.  I think I've  
found points in both RFCs that make it legal to send a 4xy in response.


From 821

4.3.  SEQUENCING OF COMMANDS AND REPLIES

.
.
.

    DATA
               I: 354 -> data -> S: 250
                                 F: 552, 554, 451, 452
               F: 451, 554
               E: 500, 501, 503, 421




From 2821

4.3.2 Command-Reply Sequences

.
.
.

    DATA
      I: 354 -> data -> S: 250
                        E: 552, 554, 451, 452
      E: 451, 554, 503


Thus I think spamd is within the RFCs when it issues a 451 in  
response to the data command.



and 821 (which ain't dead yet) allows explicitly in the state  
transactions.
2821 is simply vague.

well, 2821 is somewhat vague, 821 is kinda the definition of vague :)

Yup.



-Chad