
Re: [Asrg] Domain-Authorized SMTP Mail

2003-03-18 09:45:01
On Tue, 18 Mar 2003 10:43:38 EST, David Green 
<green(_at_)couchpotato(_dot_)net>  said:

   SMTP servers SHOULD remove any Authorized-By SMTP headers of
   incoming mail. They MAY be configurable to preserve Authorized-By
   headers on incoming mail from a set of trusted servers.

This goes against a long-standing design principle that SMTP servers should
NOT be screwing around with the contents of the headers other than to add
a Received: tag.

That 'MAY be configurable' is a bug.  See below.

There's no hint of what an Authorized-By: header would look like.

What defense(s) does this protocol have against DNS cache poisoning?

Note that a large domain may have many MT records.  This will cause a dropback
to TCP if the DNS reply exceeds 512 bytes.  Take a look at the games that
AOL uses with round-robin on their MX listings so they can have
24 IP addresses listed and still get it to fit in a UDP packet (basically,
they have 4 advertised MX names that round-robin, and they only return
a set of 6 IP addresses for 1 or 2 of the MX's in the 'additional info').
Hotmail does similar things.  And forcing a drop-back to TCP is *expensive*.
Figure out what's the minimum number of RTTs (including the 3-packet handshake
and FIN processing) needed to deliver a piece of mail, both with and without
SMTP PIPELINE.  Then add an RTT for a UDP lookup - and then figure out how
many MORE you add if that fails and DNS over TCP is needed....

What domain do you do the query on?  You can't just blindly go 2 levels,
as that will piss the admins of 'co.uk' off quite thoroughly.  You may
have to go 3 levels in the US - we have departmental mail servers that
you'd have to look under some-dept.vt.edu to find an MT for, since they're
only "authorized" to send mail for their department... oh, and for vt.edu
because that's what many people put on their From:.

You *DID* know that RFC822 and RFC2822 allow a From: to be a *LIST* of
addresses, right?  See section A.2 of RFC822 for several examples with
different semantics.

   SMTP servers SHOULD perform an MT DNS query on the domain of
   the From header. If the incoming mail was sent by a server returned
   in the query, the SMTP server SHOULD attach an Authorized-By
   header to the message, whose value is the hostname of the server
   performing the MT authorization.

Combined with the above, you're left with only the last hop information.

Let's say the mail starts at a Unix workstation, which sends it to a mail
hub.  The Auth-By: now lists the workstation.  The hub tries to send it to
your server, fails, and sends it to your off-site backup MX service.
The MX nukes the previous Auth-by, and adds one pointing to the originating
mail hub.  Your server comes up, the mail starts arriving.

If you don't implement the 'MAY preserve' for mail coming from your MX,
then bad things happen:

1) You remove the Auth-by.
2) You look up the MT RR.
3) Your MX is certainly NOT listed in the MT.

Game Over.

Note that it's *quite* possible for mail to trickle through 3 or 4 MX servers
if there's a widespread net-burp.

   Mail User Agents (MUAs) MAY allow the user to filter incoming
   messages based on the presence of an Authorized-By header.

What would be *most* useful here is the *original* value of the Auth-by:
header, which almost certainly got wiped out by some host due to the first
part of section 3.

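The multi-hop failure described in the message, worked through as an added illustration (not part of the original post or the proposal). It applies the two quoted section-3 rules at each receiving server and compares a strict "always strip" policy against the "MAY preserve from trusted servers" option. All hostnames, the example.org domain and the MT record set are constructed; the MT lookup is a stand-in for the proposal's hypothetical DNS record type, and the header value follows the quoted text (the hostname of the server that performed the check).

```python
"""Simulate the Authorized-By header across a multi-hop SMTP path.

Constructed example, not code from the thread.  Hostnames, domains and
the MT record set below are made up for illustration.
"""

# Constructed MT record set: hosts authorized to originate mail for example.org.
MT_RECORDS = {
    "example.org": {"ws1.example.org", "hub.example.org"},
}


def lookup_mt(domain):
    """Stand-in for the proposal's MT DNS query (hypothetical record type)."""
    return MT_RECORDS.get(domain, set())


def receive(headers, sender, receiver, from_domain, trusted=frozenset()):
    """Apply the quoted section-3 rules at one receiving SMTP server.

    headers:  list of (name, value) tuples as they arrive
    sender:   hostname the message arrived from (the previous hop)
    receiver: this server's hostname
    trusted:  senders whose Authorized-By headers this server preserves
              (the proposal's 'MAY be configurable' exception)
    """
    if sender in trusted:
        kept = list(headers)
    else:
        # "SHOULD remove any Authorized-By SMTP headers of incoming mail"
        kept = [(n, v) for n, v in headers if n.lower() != "authorized-by"]
    # "SHOULD perform an MT DNS query on the domain of the From header";
    # if the sending server is listed, attach Authorized-By naming this server.
    if sender in lookup_mt(from_domain):
        kept.insert(0, ("Authorized-By", receiver))
    kept.insert(0, ("Received", f"from {sender} by {receiver}"))
    return kept


def relay(path, from_domain, trusted_by=None):
    """Walk a message along path (list of hostnames, origin first) and
    return the headers as they stand at the final hop.
    trusted_by maps a receiver to the set of senders it preserves headers from."""
    trusted_by = trusted_by or {}
    headers = [("From", f"someone@{from_domain}")]
    for sender, receiver in zip(path, path[1:]):
        headers = receive(headers, sender, receiver, from_domain,
                          trusted_by.get(receiver, frozenset()))
    return headers


def authorized_by(headers):
    """Values of any surviving Authorized-By headers, top to bottom."""
    return [v for n, v in headers if n.lower() == "authorized-by"]


# Normal path: workstation -> site mail hub -> recipient's primary server.
DIRECT_PATH = ["ws1.example.org", "hub.example.org", "mail.example.com"]

# Net-burp path from the post: the hub falls back to the recipient's
# off-site backup MX, which later forwards to the primary server.
BACKUP_PATH = ["ws1.example.org", "hub.example.org",
               "backup-mx.isp.net", "mail.example.com"]


def direct_delivery():
    """Primary server reachable: the hub is in the MT set, header attached."""
    return authorized_by(relay(DIRECT_PATH, "example.org"))


def strict_delivery():
    """Via backup MX, every server strips incoming Authorized-By.
    The backup MX is not in example.org's MT set, so nothing survives."""
    return authorized_by(relay(BACKUP_PATH, "example.org"))


def preserving_delivery():
    """Via backup MX, but the primary server preserves headers from its own MX."""
    return authorized_by(relay(BACKUP_PATH, "example.org",
                               {"mail.example.com": {"backup-mx.isp.net"}}))


if __name__ == "__main__":
    print("direct:    ", direct_delivery())      # ['mail.example.com']
    print("strict:    ", strict_delivery())      # []
    print("preserving:", preserving_delivery())  # ['backup-mx.isp.net']
```

The strict run is the "Game Over" case: the backup MX's check is discarded at the last hop and no server in the chain can re-derive it, so legitimate mail arrives indistinguishable from mail that never passed the check. Even in the preserving run, the only value left is the backup MX's hostname, which is the loss of the original check the message's final paragraph complains about.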