Broken and brain-damaged SMTP servers, chapter 3
Issues in client behavior, again, informational only...
I just had some text in RFC821 called to my attention. Look at the
tail end of 4.1.1, at the top of page 27:
"The first command in a session must be the HELO command.
..."
"The NOOP, HELP, EXPN, and VRFY commands can be used at any time during
a session."
Quiz question 1: The above combination _really_ means (i) "you can use
NOOP, HELP, EXPN, or VRFY anytime, but you have to send HELO before
anything else" or (ii) "an SMTP server is justified in replying with
503 if the client sends _anything_ in response to the 220 opening
message other than HELO"?
Note that a particularly narrow reading of either interpretation
while ignoring the command sequencing tables (section 4.3) would permit
a server to reject QUIT or RSET with a 503 if HELO didn't come first
(these two commands are not on the "anytime" list). Since a receiver is
required to "stay in the same state" after sending 503, this could
create a model in which HELO was prerequisite for closing a connection.
Silly, huh?
Quiz question 2: Assuming that there are people out there who have
implemented things according to some variation of the second reading, is
the most robust model for sending EHLO in fact to send:
    HELO           HELO
    RSET    or     EHLO
    EHLO
So much for minimizing turnarounds.
Quiz question 3: If you were to send HELO and get an OK and send EHLO
and get a 500, would you feel like you could send MAIL FROM and
continue, or would you have to be suspicious that the "syntax error"
might have left the server in a sufficiently confused state that you
needed to send a RSET and then the HELO again?
Question 4 (extra credit): Are we having fun yet?
john
p.s. It is, of course, clear to me how this ought to be construed. The
problem is demonstrating correctness from the text to people who are not
interested in sense.
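
Added illustration, not part of the original message: a toy Python model of the two narrow readings from quiz question 1, showing QUIT drawing a 503 before HELO and the command sequences from quiz question 2. `ToyReceiver`, `helo_first` and `client.example` are constructed names, and the reply codes are simplified.

```python
# Added illustration, not from the original post: toy receivers for the two
# narrow readings of RFC 821 section 4.1.1 discussed above.
ANYTIME = {"NOOP", "HELP", "EXPN", "VRFY"}  # the "any time" list quoted from 4.1.1

class ToyReceiver:
    """Constructed model. reading="i": the ANYTIME verbs are allowed before HELO;
    reading="ii": only HELO is. esmtp=True means the receiver also knows EHLO."""

    def __init__(self, reading, esmtp=False):
        self.reading, self.esmtp = reading, esmtp
        self.greeted = False   # has HELO/EHLO been accepted?
        self.open = True       # is the connection still up?

    def command(self, line):
        verb = line.split()[0].upper()
        known_greeting = verb == "HELO" or (verb == "EHLO" and self.esmtp)
        if known_greeting:
            self.greeted = True
            return 250
        if not self.greeted:
            if self.reading == "i" and verb in ANYTIME:
                return 250
            return 503         # bad sequence; receiver stays in the same state
        if verb == "EHLO":
            return 500         # unrecognized by a pre-ESMTP receiver
        if verb == "QUIT":
            self.open = False
            return 221
        return 250             # RSET, NOOP, etc. (reply codes simplified)

def helo_first(receiver, with_rset):
    """Run the HELO [RSET] EHLO sequence from quiz question 2; return the transcript."""
    verbs = ["HELO client.example"]
    if with_rset:
        verbs.append("RSET")
    verbs.append("EHLO client.example")
    return [(v.split()[0], receiver.command(v)) for v in verbs]

if __name__ == "__main__":
    for reading in ("i", "ii"):
        r = ToyReceiver(reading)
        print(reading, "QUIT before HELO ->", r.command("QUIT"), "open:", r.open)
        print(reading, "NOOP before HELO ->", r.command("NOOP"))
        print(reading, "sequence:", helo_first(ToyReceiver(reading), with_rset=True))
```

Against a pre-ESMTP receiver the sequence ends in HELO 250 followed by EHLO 500, which is exactly the situation quiz question 3 asks about.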