Re: [exim] exim can't handle 521 response from remote MX

Top Page
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] exim can't handle 521 response from remote MX
On Sat, Sep 04, 2021 at 03:42:39PM +0100, Jeremy Harris via Exim-users wrote:
> On 04/09/2021 15:03, Sabahattin Gucukoglu via Exim-users wrote:
> > perhaps Exim should consider the last line of a response instead of the first for purposes of evaluation?
>
> I don't see a coherent argument for either direction,
> when they differ.
>
> If postscreen is doing it so wrongly, it is the thing that needs fixing.


The postscreen(8) behaviour is unlikely to change.

Absent a time-machine, and given that the ultimate decision is made
after the initial banner and greet pause, and that refusing SMTP service
(521 banner) is supposed to only happen to botnet and similar clients,
the postscreen(8) service has no choice but to appear to change its mind
after the initial "220-".

We hope that any clients that are erroneously rejected legitimate MTAs
will get the hint, but the primary audience for postscreen bad news are
botnet SMTP engines, and what they make of the dropped connections is of
little interest.

FWIW, Postfix has always taken the SMTP status code from the last line
of a multi-line server response, but as you noted there is no RFC
requirement to do so, and the code is expected to not vary from line to
line.

This does mean that the few Postfix systems that enable greet pauses in
postscreen(8), and then reject a legitimate MTA they judge to have a
poor IP reputation, might end up dealing with repeated retries from such
MTAs.

Choosing the last response code has some advantages, but Exim is under
no obligation to do so.

-- 
    Viktor.