On Friday, June 03, 2005 05:27:55 PM -0700 Dave Crocker <dhc2@dcrocker.net>
> In other words, if you are coming from outside the network, you do not
> get to "relay" through the network. You can post/submit from within,
> you can deliver into the net or you can post/submit from outside.

This, I think, is the crux of the problem. The statement above appears to
conflate an IP network with an administrative domain, and assumes that
something belongs to one if and only if it belongs to the other.
Fortunately, that is not what the text Sam originally objected to actually
says. The actual text uses the term "local environment":

o Mail coming from outside an email operator's local environment,
and having a RCPT-TO address that resolves to a destination that
is also outside the local environment, MUST be treated as mail
submission, rather than mail relaying. Hence it must be subjected
to mail submission authorization and validation checks.

Now, connections that come from clients not on my IP network may be from
authorized submission clients which are outside my "local environment".
But, they may also come from clients which are part of my local
environment, but do not happen to be on my local network. I might decide
that a particular client fits that category because of its authenticated
identity, either to SMTP or at some lower layer.

I've tried for the better part of an hour to come up with a scenario in
which this matters. In particular, _any_ scenario in which a message
addressed to a non-local recipient is not either submission or an attack --
whether or not the client is part of the "local environment". I may not
have as fertile an imagination or as much operational experience as some
people in this thread, but I've tried really, really hard. And I've been
completely unable to do so.

So maybe whether to treat such messages as "submission" or not is not all
that important, especially if it is reasonable under some circumstances to
consider a host not on the local IP network to still be part of the "local

However, I do have another concern with this requirement, and frankly I
can't remember whether it's been brought up or not. My concern is with the
phrase "resolves to a destination that is also outside the local
environment", and how it interacts with things like forwarding. If the
CMU.EDU mail exchangers receive a message whose RCPT-TO is jhutz@cmu.edu,
and LDAP says that mail for that address should be delivered to gmail, does
that make it an address that resolves to a destination outside the local
environment? The document is not clear on this, and I'm very concerned
that a wrong answer would result in a lot of incorrectly bounced mail...

Ietf mailing list
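As an added illustration (not code from the post or from the draft under discussion), the following Python model applies the quoted "local environment" rule to an SMTP transaction, with a constructed local domain, IP prefix and forwarding table standing in for the LDAP lookup. It shows that reading "resolves to a destination" as the post-forwarding address turns ordinary inbound mail for a user who forwards to gmail into a rejection.

```python
from dataclasses import dataclass

# Constructed sample environment (not from the original post): one local
# domain, one local IP prefix and a single forwarding entry standing in for
# the LDAP lookup the post describes.  The gmail target is a placeholder.
LOCAL_DOMAINS = {"cmu.edu"}
LOCAL_IP_PREFIX = "128.2."   # crude prefix test stands in for a real CIDR match
FORWARDS = {"jhutz@cmu.edu": "jhutz@gmail.example"}


@dataclass(frozen=True)
class Transaction:
    client_ip: str
    authenticated: bool   # SMTP AUTH (or a lower-layer identity) succeeded
    rcpt_to: str


def in_local_environment(t: Transaction) -> bool:
    """Membership is administrative, not topological: a client off the local
    IP network still belongs to the local environment if it authenticated."""
    return t.client_ip.startswith(LOCAL_IP_PREFIX) or t.authenticated


def is_local_address(addr: str) -> bool:
    return addr.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS


def classify(t: Transaction, resolve_forwarding: bool) -> str:
    """Apply the draft's rule and return 'deliver', 'submit' or 'reject'.

    resolve_forwarding=True takes "resolves to a destination" literally: the
    RCPT-TO is replaced by its forwarding target before the locality test.
    """
    dest = t.rcpt_to.lower()
    if resolve_forwarding:
        dest = FORWARDS.get(dest, dest)
    if is_local_address(dest):
        return "deliver"            # inbound mail for the local environment
    # Non-local destination: treat as submission and require authorization.
    return "submit" if in_local_environment(t) else "reject"


def forwarding_ambiguity() -> tuple:
    """The post's worry: an outside MTA sends to a local user who forwards
    to gmail.  Returns the outcome under both readings of the text."""
    inbound = Transaction("203.0.113.7", False, "jhutz@cmu.edu")
    return classify(inbound, False), classify(inbound, True)
```

Under the first reading the message is accepted for the local user and forwarded afterwards; under the second it is refused as an unauthorized submission, which is exactly the incorrectly bounced mail the post worries about.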