There was ... extended .. discussion on draft-hutzler-spamops-04 on
the list. Maybe folks should re-read the revision. Personally I
think it's better; not sure if it addresses some of the high-level
BEST PRACTICES FOR SUBMISSION OPERATION:
MSAs MUST perform authentication on the identity asserted
during all mail transactions on the SUBMISSION port, even
for a message having a RCPT TO address that would not cause
the message to be relayed outside of the local
==> w/ local submission, is the IP address being local sufficient? I don't
think the doc takes a stance on this, and this is pretty important as those
local users should not need to generate specific identities.
BEST PRACTICES FOR SUPPORT OF EXTERNAL SUBMISSIONS:
Traffic Identification -- External Posting Versus Relaying:
For email being received from outside their local
operational environment, email service providers MUST
distinguish between mail that will be delivered inside that
environment, versus mail that is to be relayed back out to
the internet. This allows the MTA to restrict this
operation, preventing the problem embodied by SopenT
relays. Note that there are situations where this may not
apply such as secondary MXs and related implementations
internal to an operatorRs network and within their control.
==> what does traffic identification (at MTA?) have to do with message
emailRs delivery from MUA to MSA, otherwise known as submission.
==> s/R/'/ other such later on
physical platform separation is increasingly common
==> add period
for both external AND LOCAL users for simplicity.
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Ietf mailing list