If the SMTP session was over IPv6, what should the "remote-ip" environment
item be set to? Perhaps there should be a prefix on the value that
indicates the address family, or it should be formatted like the 'host'
part of a URI?

Note that the obvious test of

    environment :matches "remote-ip" "*.*.*.*"

will match an IPv6 address literal if the implementation uses the
x:x:x:x:x:x:d.d.d.d
form, such as with the IPv4 compat addresses, a la "::FFFF:1.2.3.4".
(Yes, this thought was triggered by the "IPv6-only" experiment during the
IETF technical plenary.)
There probably should be a security consideration that explains that the
value of the "remote-host" item may be controlled by an untrusted source.
For example, the test

    environment :matches "remote-host" "*.mydomain.com"

is *not* a good way to test whether the message came from 'outside' unless
the implementation makes some sort of IP->host->IP consistency check.
(The sendmail MTA faced the above issues some time ago for the pre-defined
variables it provides to its rulesets. To quote the sendmail operations
guide, it defined variables as follows:

    ${client_addr}
        The IP address of the SMTP client. IPv6 addresses are tagged
        with "IPv6:" before the address. Defined in the SMTP server
        only.

    ${client_name}
        The host name of the SMTP client. This may be the client's
        bracketed IP address in the form [ nnn.nnn.nnn.nnn ] for IPv4
        and [ IPv6:nnnn:...:nnnn ] for IPv6 if the client's IP address
        is not resolvable, or if it is resolvable but the IP address
        of the resolved hostname doesn't match the original IP
        address. Defined in the SMTP server only. See also
        ${client_resolve}.

    ${client_ptr}
        The result of the PTR lookup for the client IP address. Note:
        this is the same as ${client_name} if and only if
        ${client_resolve} is OK. Defined in the SMTP server only.

    ${client_resolve}
        Holds the result of the resolve call for ${client_name}.
        Possible values are:

            OK      resolved successfully
            FAIL    permanent lookup failure
            FORGED  forward lookup doesn't match reverse lookup
            TEMP    temporary lookup failure

        Defined in the SMTP server only. sendmail performs a hostname
        lookup on the IP address of the connecting client. Next the IP
        addresses of that hostname are looked up. If the client IP
        address does not appear in that list, then the hostname is
        maybe forged. This is reflected as the value FORGED for
        ${client_resolve} and it also shows up in $_ as "(may be
        forged)".

While client_ptr and client_resolve are probably overkill for the sieve
environment extension, the tagging in client_addr and precise definition
of when client_name contains a name and not an address literal seem like
practical guidance in this area.)
Philip Guenther
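
The IP->host->IP consistency check and the client_name/client_resolve semantics quoted above, as an added example that is not part of the original message and is not sendmail's code. The resolver functions, the DNS tables and `from_inside` are constructed for illustration, and returning the bracketed literal on TEMP is an assumption.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, hypothetical names).
PTR = {
    "192.0.2.10": "mail.example.org",
    "192.0.2.66": "mx.mydomain.com",    # PTR zone is run by the client's owner
    "198.51.100.7": "gw.mydomain.com",
    "2001:db8::25": "v6.example.org",
}
FWD = {
    "mail.example.org": ["192.0.2.10"],
    "mx.mydomain.com": ["198.51.100.1"],  # forward zone does not list the client
    "gw.mydomain.com": ["198.51.100.7"],
    "v6.example.org": ["2001:db8:0:0:0:0:0:25"],
}

def lookup_ptr(ip):
    """Stand-in for a PTR query; a real one raises TimeoutError on SERVFAIL."""
    return PTR.get(ip)

def lookup_addrs(name):
    """Stand-in for the A/AAAA query on the name the PTR returned."""
    return FWD.get(name, [])

def client_resolve(ip, ptr=lookup_ptr, addrs=lookup_addrs):
    """Return (status, client_name) per the definitions quoted above."""
    addr = ipaddress.ip_address(ip)
    # Address literal with the family tag, so "*.*.*.*" cannot match IPv6.
    literal = "[IPv6:%s]" % addr if addr.version == 6 else "[%s]" % addr
    try:
        name = ptr(str(addr))
        if name is None:
            return "FAIL", literal
        # Compare parsed addresses, not strings: IPv6 has many spellings.
        forward = {ipaddress.ip_address(a) for a in addrs(name)}
    except TimeoutError:
        return "TEMP", literal
    if addr not in forward:
        return "FORGED", literal  # the PTR name is never exposed as the host
    return "OK", name

def from_inside(ip, suffix=".mydomain.com", **resolvers):
    """Suffix test on the host name, honoured only after the check passes."""
    status, name = client_resolve(ip, **resolvers)
    return status == "OK" and name.lower().endswith(suffix)
```
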