Null Sender Question
Scott B. Anderson
sbanderson at impromed.com
Mon Oct 6 21:39:45 IST 2008
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Kai Schaetzl
> Sent: Monday, October 06, 2008 2:31 PM
> To: mailscanner at lists.mailscanner.info
> Subject: Re: Null Sender Question
> Daniel Straka wrote on Mon, 06 Oct 2008 10:49:03 -0600:
> > I believe many of the receiving systems will not deliver messages
> > with a null sender.
> It's perfectly ok. It's actually required by RFC to accept these
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
Yes, but many, MANY of us Violate the old RFC standard, and the new ones recognize the need to reject email that otherwise passes the old RFC standard as valid email.
To support my position, note the following:
RFC 5321 supersedes RFC1123 where necessary.
RFC 5321 includes the following text:
" It also includes some additional material from RFC 1123 that required
amplification. This material has been identified in multiple ways,
mostly by tracking flaming on various lists and newsgroups and
problems of unusual readings or interpretations that have appeared as
the SMTP extensions have been deployed. Where this specification moves
beyond consolidation and actually differs from earlier documents, it
supersedes them technically as well as textually."
Changes from RFC 2821 to RFC 5321
This was added as section 7.8:
"7.8. Resistance to Attacks
In recent years, there has been an increase of attacks on SMTP
servers, either in conjunction with attempts to discover addresses
for sending unsolicited messages or simply to make the servers
inaccessible to others (i.e., as an application-level denial of
service attack). While the means of doing so are beyond the scope of
this Standard, rational operational behavior requires that servers be
permitted to detect such attacks and take action to defend
themselves. For example, if a server determines that a large number
of RCPT TO commands are being sent, most or all with invalid
addresses, as part of such an attack, it would be reasonable for the
server to close the connection after generating an appropriate number
of 5yz (normally 550) replies."
I would suspect that in turn, a large number of MAIL FROM:<> would also fall under this section of RFC 5321.
This list has debated this point before and I know at least one of us simply rejects email with a null sender via sendmail. In the past we agreed it was a direct violation of RFC1123, now it appears there is some discretion under applicable RFCs.
(I changed my rejection notice on NULL sender in proto.m4 earlier today. ;-> )
sbanderson at impromed.com
More information about the MailScanner