
[ietf-clear] CSV implementation for Exim 4.

2004-12-10 09:58:40
David Woodhouse <dwmw2(_at_)infradead(_dot_)org> wrote:
On Fri, 2004-12-10 at 16:44 +0000, Tony Finch wrote:
On Fri, 10 Dec 2004, David Woodhouse wrote:


Some quick notes from five minutes' testing -- accept your own hostname
in HELO even when it comes from 127.0.0.1,

   Yes, I think this should be part of any implementation: that localhost
is implied without being present in the list of IP addresses.

and don't screw up cutting and pasting your SRV records in the zonefile...
  _client._smtp.canuck.infradead.org SRV 1 2 0 phoenix.infradead.org.

   The FAQ example assumes a zonefile origin of the domain itself, and
shows both the client MTA and the EHLO string should be mailhost.domain.
(Did you mean screw-up by omitting the dot after "infradead.org"?)
In any case, that SRV RR looks to be OK now.

I fail to understand the point of the "don't authenticate me" option in
CSA, and what implementers are supposed to do with that kind of CSA record
that's different from the absence of a CSA record. I *think* you should
just throw away CSA records with weight=3.

   Tony is basically correct. Unless you have some other method to
authenticate the matching of IP address to EHLO string, you must treat
the weight == 3 case as "unknown".

   Note that checking the A (address) RR won't work for authentication in
the weight==3 case. This is intended as a warning that the list of RRs
which would be returned is incomplete.

   (Also, I take note that there should be a mention of this in the
Best Practices document...)

Maybe, but since it's so confusing I don't _quite_ know what people will
use it for, and for now I suspect that means I should be _accepting_
mail. Err on the side of caution.

   The intent is that it should be accepted in the same manner as any
other "unknown" result, and none of the usual tests should be bypassed.

Btw, is my record for 'infradead.org' sane? It seems to have the desired
effect, but is there a better way to do it?

@                     IN      PTR     _vouch._smtp.csv_vouch
_client._smtp         IN      SRV     1 1 0 localhost.
infradead.org.csv_vouch       IN      TXT     "MARID,1,E"

   It's difficult to be sure without an explicit $ORIGIN...

   I assume you mean the "@" to be (in this case) "infradead.org".
If so, your example says that infradead.org recommend checking
_vouch._smtp.csv_vouch.infradead.org. for accreditation info.
(The actual text record would be at something.csv_vouch.infradead.org.)
So, a CSV implementation receiving an "EHLO infradead.org" would find
your TXT "MARID,1,E".

   However, your SRV record says that "infradead.org" is "not authorized",
so I'm not sure what point there is in the accreditation stuff...

--
John Leslie <john(_at_)jlc(_dot_)net>
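An added illustration of the semantics discussed in this thread (it is not part of the thread, not Exim's CSV code, and not text from the CSA draft): a small Python evaluator that turns a `_client._smtp` SRV answer plus a connecting IP into pass/fail/unknown, applying the three points made above (own hostname from 127.0.0.1 is accepted, localhost is implied in an authorized target's address list, and weight 3 is "unknown" with the target's A records left alone), together with a zonefile line parser that shows the trailing-dot/$ORIGIN trap. The weight meanings (1 = not authorized, 2 = authorized, 3 = unknown) are taken from the statements in the thread; the in-memory DNS tables, the `192.0.2.x` addresses and the receiving host name `mx.example` are constructed for the example.

```python
"""CSA (Client SMTP Authorization) evaluation as described in the thread.

Added example: not Exim's code and not text from the CSA draft.  Record
shape and weight meanings are the ones used in the discussion:

    _client._smtp.<ehlo-domain>  SRV  <priority> <weight> <port> <target>

    weight 1 -> the domain says the client is not authorized
    weight 2 -> authorized; the target's A records list permitted clients
    weight 3 -> "unknown": handled like no record at all, and the target's
                A records are NOT consulted (they are declared incomplete)
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for DNS.  The first two SRV rows mirror the records
# quoted in the thread; the third row and every A record are made up.
SRV_TABLE: Dict[str, Tuple[int, int, int, str]] = {
    "canuck.infradead.org": (1, 2, 0, "phoenix.infradead.org."),
    "infradead.org":        (1, 1, 0, "localhost."),
    "unknown.example":      (1, 3, 0, "mail.unknown.example."),
}
A_TABLE: Dict[str, List[str]] = {
    "phoenix.infradead.org.": ["192.0.2.10"],
    "localhost.":             ["127.0.0.1"],
    "mail.unknown.example.":  ["192.0.2.99"],
}


def lookup_srv(ehlo: str) -> Optional[Tuple[int, int, int, str]]:
    """Hypothetical resolver call: SRV answer for _client._smtp.<ehlo>."""
    return SRV_TABLE.get(ehlo.rstrip(".").lower())


def lookup_a(target: str) -> List[str]:
    """Hypothetical resolver call: A records for the SRV target."""
    return A_TABLE.get(target.lower(), [])


def csa_check(ehlo: str, client_ip: str, my_hostname: str) -> str:
    """Return 'pass', 'fail' or 'unknown' for one EHLO name / client IP pair.

    'unknown' is the do-nothing result: the caller keeps running all of its
    other checks, exactly as it would with no CSA record present.
    """
    ehlo = ehlo.rstrip(".").lower()
    ip = ipaddress.ip_address(client_ip)

    # Our own host name arriving over the loopback interface is accepted
    # regardless of what DNS says (Tony's first note).
    if ip.is_loopback and ehlo == my_hostname.rstrip(".").lower():
        return "pass"

    record = lookup_srv(ehlo)
    if record is None:
        return "unknown"
    _priority, weight, _port, target = record

    if weight == 1:
        return "fail"                      # "not authorized"
    if weight == 2:
        # localhost is implied even when the target's address list does
        # not contain it (John's note).
        if ip.is_loopback:
            return "pass"
        allowed = {ipaddress.ip_address(a) for a in lookup_a(target)}
        return "pass" if ip in allowed else "fail"
    # weight 3, and anything this code does not recognise: leave the
    # target's A records alone and report "unknown".
    return "unknown"


def parse_srv_line(line: str, origin: str) -> Tuple[str, int, int, int, str]:
    """Parse one zonefile line '<owner> [IN] SRV <prio> <weight> <port> <target>'.

    Relative names (no trailing dot) are qualified against ORIGIN, which is
    the cut-and-paste trap from the thread: a target written as
    'phoenix.infradead.org' under $ORIGIN infradead.org. silently becomes
    'phoenix.infradead.org.infradead.org.'.
    """
    if not origin.endswith("."):
        raise ValueError("origin must be fully qualified (end with a dot)")
    fields = [f for f in line.split() if f.upper() != "IN"]
    owner, rtype, prio, weight, port, target = fields
    if rtype.upper() != "SRV":
        raise ValueError(f"not an SRV record: {rtype}")

    def qualify(name: str) -> str:
        if name == "@":
            return origin
        return name if name.endswith(".") else f"{name}.{origin}"

    return qualify(owner), int(prio), int(weight), int(port), qualify(target)


if __name__ == "__main__":
    for args in [("canuck.infradead.org", "192.0.2.10", "mx.example"),
                 ("infradead.org", "192.0.2.10", "mx.example"),
                 ("unknown.example", "192.0.2.99", "mx.example")]:
        print(args, "->", csa_check(*args))
    print(parse_srv_line("_client._smtp SRV 1 2 0 phoenix.infradead.org",
                         "infradead.org."))
```

Note that `unknown.example` returns "unknown" even though the connecting address does appear in the target's A records: in the weight-3 case the address list is declared incomplete, so consulting it would only produce a misleading "fail" for hosts that were simply omitted.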