MTA
Click on the red underlined text to get to the source
... BCP) RFC. As such it should be
used as a guideline for SMTP MTA implementors to make their products
more capable of preventing/handling spam ...
... However, this memo is not generally intended as a description on how
to operate an SMTP MTA - which "knobs" to turn and how to configure
the options. If suggestions are provided, they will be clearly marked
and they should be read as such.
...
...
If, however, enough Internet MTAs did implement enough of the rules
described below (especially the Non-Relay rules), we would get the
spammers ...
... spam.
Even if 99% of the SMTP MTAs implemented them from Day 1,
spammers would still find the remaining 1% and use them. Or
...
... SMTP
layer and that an MTA that decides to refuse a message should do so
while still in the SMTP dialogue. First, this means that we do not
...
...
o 2xx
is a Positive Completion reply and indicates that the MTA now has
taken responsibility for the delivery of the mail.
...
...
An MTA that also has the ability to handle mailing lists and expand
that to a number of recipients, needs to be able to authorize senders ...
... subnets. It
is RECOMMENDED that the data/template for doing so may be supplied
outside of the MTA, e.g. that the pattern matching rules be included
in the MTA ...
... MTA, e.g. that the pattern matching rules be included
in the MTA but that the actual patterns may be in an external file.
It is also RECOMMENDED that the pattern matching rules (external
...
... anti-spam rules today,
spammers will find ways around them and a well designed MTA should be
flexible enough to meet those new threats.
...
...
Therefore, the MTA MUST be able to control/refuse such Relay usage.
...
...
Instead, the MTA MUST be able to authorize Mail Relay usage based on
a combination of:
...
...
The MTA MUST prepend a "Received:" line in the mail (as described in
RFC822std11(-> 2822prop), [2 ...
... firewall/gateway, as described
later) each MTA along the path, including the final MTA, MUST prepend
a "Received:" line. For such a "Received:" line we have:
...
... gateway, as described
later) each MTA along the path, including the final MTA, MUST prepend
a "Received:" line. For such a "Received:" line we have:
...
... network structure
must still be allowed and able to do so. They usually make their
internal MTAs prepend "Received:" lines with a very limited amount of
information, or prepend none at all. Then they send out the mail
through some kind of firewall ...
... gateway device, which may even remove
all the internal MTAs' "Received:" lines before it prepends its own
"Received:" line (as required in RFC1123std3, [3 ...
...
The MTA MUST be able to provide enough local log information to make
it possible to trace the event. This includes most of the information
...
...
The MTA SHOULD be able to log all anti-relay/anti-spam actions. The
log entries SHOULD contain at least:
...
... DNS). This functionality could be implemented at a firewall, but
since the MTA should be able to "defend itself" we recommend it be able
to as well.
...
...
To improve filtering even more, the MTA MAY provide complete regular
expressions to be used for hostnames; possibly also for IP addresses.
...
...
The MTA MUST NOT refuse to receive "MAIL From: <>".
...
... error mail to go to multiple recipients, e.g. a list with several
list owners, all located at the same remote site, and thus the MTA
MUST NOT refuse "MAIL From: <>" even in this case.
...
...
However, the MTA MAY throttle down the TCP connection ("read()"
frequency) if there are more than one "RCPT To:" and that way slow
...
...
The MTA MUST NOT refuse "MAIL From: <user@my.local.dom.ain>".
...
...
The MTA SHOULD be able to refuse to receive mail from a specific
"MAIL From:" user (foo@domain.example) or from an entire "MAIL From:"
...
... A record).
If the DNS error is temporary, TempFail, the MTA MUST return a 4xx
Return Code (Temporary Error). If the DNS ...
... NXdomain (host/domain unknown) the MTA SHOULD still return a 4xx
Return Code (since this may just be primary and secondary DNS ...
...
The MTA SHOULD allow outgoing mail to have its <local-part> verified
so that the sender name is a real user or an existing alias ...
... valid (VRFY) and even get more
addresses (EXPN). Therefore, the MTA SHOULD control who is is allowed
to issue these commands. This may be "on/off" or it may use access
lists similar to those mentioned previously.
...
... SMTP ETRN means that the MTA will re-run its mail queue, which may be
quite costly and open for Denial of Service attacks ...
... quite costly and open for Denial of Service attacks. Therefore, the
MTA SHOULD control who is is allowed to issue the ETRN command. This
may be "on/off" or it may use access lists similar to those mentioned
...
...
Therefore, the MTA MUST be configurable to provide "Success" (2xx),
"Temporary Failure" (4xx) or "Permanent Failure" (5xx) for different
rules or policies. The exact return codes ...
... However, when the response is the result of a DNS lookup and the DNS
system returned TempFail, a temporary error, the MTA MUST reflect
this and provide a 4xx return code. If the DNS response ...
... Authoritative NXdomain (host or domain unknown) the MTA MAY reflect
this by a 5xx Return Code.
...
... Authorization code and 2) enough flexibility
in assigning Return Codes - an MTA with a 5xx Return Code carved in
stone would have made this absolutely impossible.
...
...
Even though this memo is about MTAs and recommendations for them,
some of what is done here also impacts UAs (User Agents ...
... Reads text from the keyboard and hands that over to the mailbox
MTA for delivery as a piece of mail. This typically uses the SMTP
...
... delivery as a piece of mail. This typically uses the SMTP
protocol, i.e. the same protocol that is used between MTAs.
...
... mail program (the UA; e.g. pine, Netscape, Eudora) will try to send
out mail via their home MTA, e.g. SMTP-SERVER=mail.home.example, but
unless mail.home.example has been updated to accept that (temporary)
...
... The correct way to handle this situation, though, is by some other
mail-sending protocol between the UA and the MTA.
...
... SMTP to serve as The
Protocol between the UAs and the home MTA (whether that should be
considered a new protocol or "the same old SMTP ...