Giampaolo Tomassoni wrote:
>> -----Messaggio originale-----
>> Da: Matus UHLAR - fantomas [mailto:uhlar@fantomas.sk]
>>
>> ...omissis...
>>
>> I am really curious how do they behave when there's forged sender and
>> both
>> MTA's use this. Either they will cycle forever (so they will never know
>> if
>> either address is OK), or they will stop checking (so the spam will
>> pass
>> because spammer forged domain with SAV implemented) or the mail (even
>> legitimate!) just will not pass...
>>
>> Once I'll try this on two or more such systems (in parallel!) and see
>> if
>> they will DoS each other...

>
> No, Matus: they don't cycle.
>
> An MTA willing to check the existence of a sender address would do this
> before its reply after end of DATA (i.e.: after having received the
> message). Instead, an MTA would inform its peer of a non-existent mailbox
> after RCPT-TO (with a 5XX error code), which is well before DATA.
>
> The checking system need not proceed to DATA in order to check the existence
> of a mailbox, so there is no cycle...



I believe the more direct reason why there wont be a cycle/loop is that:

When doing SAV, the checking host should set its "Mail-From" to "<>".

So, if someone tries to send me a message from joe@example.com, and I
were to use SAV (which I don't), then the SAV check should have these
transactions:

HELO $MYHOST
Mail-From: <>
RCPT-To:
QUIT


The reason why this shouldn't cause a loop is that RFCs specifically
state that <> a valid Mail-From, and should always be accepted.
Therefore, the other side should never reject (and therefore never
check) the validity of <> as a mail-from.