ietf-mta-filters

Comments on draft-freed-sieve-environment-04

2008-03-19 01:22:35


If the SMTP session was over IPv6, what should the "remote-ip" environment item be set to? Perhaps there should be a prefix on the value that indicates the address family, or it should be formatted like the 'host' part of a URI?

Note that the obvious test of
        environment :matches "remote-ip" "*.*.*.*"

will match an IPv6 address literal if the implementation uses the
        x:x:x:x:x:x:d.d.d.d
form, such as with the IPv4 compat addresses, ala "::FFFF:1.2.3.4".

(Yes, this thought was triggered by the "IPv6-only" experiment during the IETF technical plenary.)


There probably should be a security consideration that explains that the value of the "remote-host" item may be controlled by an untrusted source. For example, the test
        environment :matches "remote-host" "*.mydomain.com"

is *not* a good way to test whether the message came from 'outside' unless the implementation makes some sort of IP->host->IP consistency check.


(The sendmail MTA faced the above issues some time ago for the pre-defined variables it provides to its rulesets. To quote the sendmail operations guide, it defined variables as follows:
      ${client_addr}
           The IP address of the SMTP client. IPv6
           addresses are tagged with "IPv6:" before the
           address. Defined in the SMTP server only.

      ${client_name}
           The host name of the SMTP client. This may be
           the client's bracketed IP address in the form
           [ nnn.nnn.nnn.nnn ] for IPv4 and
           [ IPv6:nnnn:...:nnnn ] for IPv6 if the client's IP
           address is not resolvable, or if it is resolvable
           but the IP address of the resolved hostname
           doesn't match the original IP address. Defined
           in the SMTP server only. See also
           ${client_resolve}.

      ${client_ptr}
           The result of the PTR lookup for the client IP
           address. Note: this is the same as
           ${client_name} if and only if ${client_resolve}
           is OK. Defined in the SMTP server only.

      ${client_resolve}
           Holds the result of the resolve call for
           ${client_name}. Possible values are:

               OK        resolved successfully
               FAIL      permanent lookup failure
               FORGED    forward lookup doesn't match reverse lookup
               TEMP      temporary lookup failure

           Defined in the SMTP server only. sendmail
           performs a hostname lookup on the IP address of
           the connecting client. Next the IP addresses of
           that hostname are looked up. If the client IP
           address does not appear in that list, then the
           hostname is maybe forged. This is reflected as
           the value FORGED for ${client_resolve} and it
           also shows up in $_ as "(may be forged)".

While client_ptr and client_resolve are probably overkill for the sieve environment extension, the tagging in client_addr and precise definition of when client_name contains a name and not an address literal seem like practical guidance in this area.)


Philip Guenther
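
The two points raised in the message above, worked through as an added example (not part of the original post, the draft, or sendmail): the "*.*.*.*" glob matching an IPv6 literal, and an IP->host->IP check gating what a "remote-host" test sees. Function names, the resolver hooks and the DNS tables are hypothetical and constructed for illustration; glob matching is simplified (no backslash escapes).

```python
import ipaddress
import re

# Constructed DNS data (documentation address ranges); not from the original post.
PTR = {"192.0.2.10": "mail.mydomain.com",
       "203.0.113.7": "www.mydomain.com"}   # PTR is set by whoever runs the reverse zone
FWD = {"mail.mydomain.com": ["192.0.2.10"],
       "www.mydomain.com": ["192.0.2.20"]}

def sieve_matches(pattern, value):
    """Sieve :matches glob ('*' = any run, '?' = one char), case-insensitive.
    Simplified: backslash escapes are not handled."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE | re.DOTALL) is not None

def tag_address(addr):
    """Tag IPv6 literals with "IPv6:", as sendmail's ${client_addr} does."""
    return f"IPv6:{addr}" if ipaddress.ip_address(addr).version == 6 else addr

def client_resolve(addr, ptr=PTR.get, fwd=FWD.get):
    """IP->host->IP check; returns (status, name) using sendmail's status names.
    ptr/fwd are hypothetical resolver hooks: they raise TimeoutError on a
    temporary failure and return None when no record exists."""
    try:
        name = ptr(addr)
        if name is None:
            return "FAIL", None
        forward = fwd(name) or []
    except TimeoutError:
        return "TEMP", None
    client = ipaddress.ip_address(addr)
    if any(ipaddress.ip_address(a) == client for a in forward):
        return "OK", name
    return "FORGED", name

def remote_host(addr, ptr=PTR.get, fwd=FWD.get):
    """Host name only when the check is OK, else a bracketed address literal."""
    status, name = client_resolve(addr, ptr, fwd)
    return name if status == "OK" else f"[{tag_address(addr)}]"

if __name__ == "__main__":
    print(sieve_matches("*.*.*.*", "::FFFF:1.2.3.4"))   # IPv6 literal matches the IPv4 glob
    for ip in ("192.0.2.10", "203.0.113.7", "2001:db8::1"):
        host = remote_host(ip)
        print(ip, client_resolve(ip)[0], host, sieve_matches("*.mydomain.com", host))
```

Note that the "IPv6:" tag does not stop "*.*.*.*" from matching; it gives a script something unambiguous to test first.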