ietf-asrg

Re: [Asrg] Domain-Authorized SMTP Mail

2003-03-18 14:08:22
On Tue, 2003-03-18 at 14:32, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
On Tue, 18 Mar 2003 14:18:19 EST, David Green said:
The vt.edu domain certainly only has a few authorized outgoing smtp
relays. I don't think they handle enough mail to justify a server farm
of 200 servers just for their email.
The question is whether AOL.COM has few enough authorized outbound relays
that it fits in a single 512-byte UDP DNS query.  I know they can't fit
all their inbounds into one packet, so I suspect the outbounds don't either.

If the DNS system is broken, that is a subject for another list.

That's why the asrg(_at_)ietf(_dot_)org address would have to be used for
authorization.
Hey, what do you know... asrg(_at_)ietf(_dot_)org isn't in the From: - in fact, if it's
bcc:ed it may not appear in the RFC822 headers *AT ALL*.

Majordomo masquerades as other people when it relays emails. This is
precisely what we want to prevent. The From: should be changed to the
name of the mailing list.

The copy from you to me would be authorized as coming from you. The copy
from you to the mailing list would be authorized by Majordomo to be
coming from you.
Majordomo may not be able to authorize it - see my discussion about MX
handling, which also matters in case of firewalls and mail servers in the DMZ.

After leaving the public Internet, all internal mail servers should be
set to trust each other if they plan on relaying to each other.

When the mailing list resends the message, the message
would be checked by each recipient's MX as coming from
asrg(_at_)ietf(_dot_)org. As
you see, the From: starts to have real meaning.
If my MX trusted mail.mx-are-us.com, it would not strip the
Authorized-By header.
But that's not what your draft said.  It said it *MAY* be configured to
do so.  MAY means it's *optional*, not "you have to do it for it to work
the way you expect" - that's what MUST is for.

I'll work on this.

David Green
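
The 512-byte UDP limit raised in the thread can be checked against the wire format. The following is an added example, not part of either poster's message or of the draft under discussion: it assumes, hypothetically, that a domain lists its authorized outbound relays as A records under one name (`_relays.example.com` and the 192.0.2.x addresses are constructed), and counts how many fit before the response must set the TC bit.

```python
import ipaddress
import struct

UDP_LIMIT = 512  # classic DNS-over-UDP message size limit (RFC 1035)
QNAME = "_relays.example.com"  # hypothetical record name, not from the draft


def relay_addrs(n):
    """Constructed sample data: n relay addresses from TEST-NET-1."""
    return ["192.0.2.%d" % i for i in range(1, n + 1)]


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_response(qname, addrs, limit=UDP_LIMIT):
    """Return (message, answers_included, truncated) for an A-record reply."""
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    size = 12 + len(question)  # 12-byte header plus the question section
    answers, truncated = [], False
    for addr in addrs:
        # 0xC00C is a compression pointer to the question name at offset 12,
        # so every answer costs 16 bytes regardless of the name's length.
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 3600, 4)
        rr += ipaddress.IPv4Address(addr).packed
        if size + len(rr) > limit:
            truncated = True  # the rest would need a retry over TCP
            break
        answers.append(rr)
        size += len(rr)
    flags = 0x8400 | (0x0200 if truncated else 0)  # QR+AA, plus TC if cut short
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    return header + question + b"".join(answers), len(answers), truncated


if __name__ == "__main__":
    for count in (20, 200):
        msg, included, tc = build_response(QNAME, relay_addrs(count))
        print(count, "relays:", included, "fit,", len(msg), "bytes, TC =", tc)
```
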
