Received: from localhost by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id AAA25853; Wed, 6 Dec 1995 00:06:13 -0500
Received: by cs.cs.utk.edu (bulk_mailer v1.3); Wed, 6 Dec 1995 00:06:08 -0500
Received: from munnari.oz.au by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id AAA25829; Wed, 6 Dec 1995 00:05:51 -0500
Received: from mundamutti.cs.mu.OZ.AU by munnari.oz.au with SMTP (5.83--+1.3.1+0.55)
	id FA14812; Wed, 6 Dec 1995 16:00:06 +1100 (from kre@munnari.OZ.AU)
To: Eric Allman <eric@sendmail.org>
Cc: Harald.T.Alvestrand@uninett.no, drums@cs.utk.edu
Subject: Re: My opinion on VRFY 
In-Reply-To: Your message of "Tue, 05 Dec 1995 17:21:08 MDT."
             <199512052321.RAA00679@jean-baptiste.internetMCI.ietf.org> 
Date: Wed, 06 Dec 1995 15:59:14 +1100
Message-Id: <4306.818225954@munnari.OZ.AU>
From: Robert Elz <kre@munnari.oz.au>


    Also, VRFY should be fast,

For any reasonable use I can imagine, I don't see why this needs to
be true.   It shouldn't be horribly slow, but "fast" I don't
need (minutes is probably OK, hours not).

    The way sendmail handles this right now is to treat VRFY as a check
    to see if the address is valid.

This is good.

    If it is an alias, it checks to see if the alias exists
    (but does not attempt to expand the contents of that alias).

This may not be enough, but (for sendmail specific semantics),
I'd be happy if the alias exists, and owner-alias exiss, and that
passes the verify checks (recursively).   that should be faster
tahn checking the alias expansion in most cases, and good enough
to know that mail will get somewhere.   Large aliases will usually
have an owner-alias - small ones can have their addresses tested
by a VRFY at the destination (if needed).

    If it is a real user, it looks that user up in the
    passwd file (but does not open or expand .forward files).

That's reasonable, it at least demonstrates the user exists.
There's no way to know for sure mail will be deliverable later -
the mail filesystem might be full.

    I'm going to make the possibly contentious suggestion that what sendmail
    does now is correct and that specifications of VRFY that require it to
    take potentially unbounded time would be in error.

Almost, as above.

I would also explicitly check for an address that is rewritten into
a mailer that is not "clever" (sendmailese) and hence does not have
any standard way of address verification you can use (eg: uucp,
but anything !local, !clever) and return the  550 or something
to indicate verify failed.

Mailers other than sendmail should do the equivalent.

kre