[Postfixbuch-users] Frage Return-Code disable_vfry_command=yes

Werner werner at aloah-from-hell.de
Di Sep 14 10:25:46 CEST 2010


Hi,

im Source-Code von Postfix findet sich dazu ein schöner Kommentar in der Funktion

static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)

    /*
     * The SMTP standard (RFC 821) disallows unquoted special characters in
     * the VRFY argument. Common practice violates the standard, however.
     * Postfix accomodates common practice where it violates the standard.
     *
     * XXX Impedance mismatch! The SMTP command tokenizer preserves quoting,
     * whereas the recipient restrictions checks expect unquoted (internal)
     * address forms. Therefore we must parse out the address, or we must
     * stop doing recipient restriction checks and lose the opportunity to
     * say "user unknown" at the SMTP port.
     *
     * XXX 2821 incompatibility and brain damage: Section 4.5.1 requires that
     * VRFY is implemented. RFC 821 specifies that VRFY is optional. It gets
     * even worse: section 3.5.3 says that a 502 (command recognized but not
     * implemented) reply is not fully compliant.
     *
     * Thus, an RFC 2821 compliant implementation cannot refuse to supply
     * information in reply to VRFY queries. That is simply bogus. The only
     * reply we could supply is a generic 252 reply. This causes spammers to
     * add tons of bogus addresses to their mailing lists (spam harvesting by
     * trying out large lists of potential recipient names with VRFY).
     */

Demnach ist die 502er-Antwort eben nicht voll konform aber eben auch nicht
"unkonform" - aus gutem Grund wird kein 252er Reply-Code benutzt. Oder wie
seht ihr das?

Grüsse,
Werner



Mehr Informationen über die Mailingliste Postfixbuch-users