From: Stephan Bosch Date: Fri, 19 Oct 2018 15:12:10 +0000 (+0200) Subject: submission: relay backend: VRFY command: Avoid forwarding 500 and 502 replies back... X-Git-Tag: 2.3.9~1138 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1ea5d9aac118b64d54de64333e45513338194cf7;p=thirdparty%2Fdovecot%2Fcore.git submission: relay backend: VRFY command: Avoid forwarding 500 and 502 replies back to client. These are in fact non-standard for VRFY and indicate that VRFY support is disabled, which is not allowed by the specification. Instead, we now substitute the default 252 response. --- diff --git a/src/submission/submission-backend-relay.c b/src/submission/submission-backend-relay.c index 20682b51ee..9d16b49b7b 100644 --- a/src/submission/submission-backend-relay.c +++ b/src/submission/submission-backend-relay.c @@ -773,6 +773,23 @@ relay_cmd_vrfy_callback(const struct smtp_reply *relay_reply, &reply)) return; + /* RFC 5321, Section 3.5.3: + + A server MUST NOT return a 250 code in response to a VRFY or EXPN + command unless it has actually verified the address. In particular, + a server MUST NOT return 250 if all it has done is to verify that the + syntax given is valid. In that case, 502 (Command not implemented) + or 500 (Syntax error, command unrecognized) SHOULD be returned. As + stated elsewhere, implementation (in the sense of actually validating + addresses and returning information) of VRFY and EXPN are strongly + recommended. Hence, implementations that return 500 or 502 for VRFY + are not in full compliance with this specification. + */ + if (reply.status == 500 || reply.status == 502) { + smtp_server_cmd_vrfy_reply_default(cmd); + return; + } + if (!smtp_reply_has_enhanced_code(&reply)) { switch (relay_reply->status) { case 250: