ietf-mxcomp
Re: Three major areas of concentration

2004-03-10 08:39:14

On Wed, Mar 10, 2004 at 07:22:30AM -0500, Meng Weng Wong wrote:
> (1) has one dimension: is an IP address allowed to send mail?

Sorry, but not really.
IMHO it is important to understand that at least MTAMARK does not
talk about allowing something. It is about giving an admin a chance
to provide hints about an IP address.
In the case of roaming users or local (to the user) mailservers, it is
very important that the IP is still allowed to send mail even if it is
labelled as "not running a public mailserver". However, some additional
authorization/authentication may be required (e.g. SMTP AUTH).

> (2) has two dimensions: is an IP address allowed to send mail *for a
>     given domain?*

> I prepared two documents for the Seoul BOF in which I tried to emphasize
> the distinction between (1) and (2) above.
>
>   http://dumbo.pobox.com/~mengwong/tmp/comparisons/buildyourown.png

Hmmm ...
in-addr is not a record type, it is a zone, "in-addr.arpa".
MTAMARK populates this zone with TXT records.

In an earlier proposal we used TXT records according to RFC1464 like
    8.0.30.195.in-addr.arpa.    IN      TXT     "ASRG.MTA=yes"
    1.0.30.195.in-addr.arpa.    IN      TXT     "ASRG.MTA=no"
However, this has the big disadvantage (like it is now again used by John
in the SS proposal) that you have to parse the TXT records, which
provides for a lot of errors like not ignoring mixed case or whitespace
problems, as in "ASRG.mta = No".
Another disadvantage is that you have to single out the record you are
looking for amongst a lot of others that could also be present, with
the pitfall of the 512 byte packet size.

That's why we chose (after some great talk to Arnt Gulbrandsen, thanks!)
to change it to
    _perm._smtp._srv.8.0.30.195.in-addr.arpa.   IN      TXT     "1"

Given my initial statement about giving a hint and leaving it up to the
receiving MTA, the keyword "_perm" (derived from permission) is
unluckily chosen and should be replaced by something more appropriate,
e.g. "_mta".

Now one can have a specific query and will receive one answer which is
easy to parse, i.e. "1" or "0".

>   http://dumbo.pobox.com/~mengwong/tmp/comparisons/familytree.png

This is a great overview, thanks.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
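
As an added illustration of the two record layouts discussed in this message (it is example code written for this page, not part of the MTAMARK drafts or of Maex's own tools), the following Python compares the earlier RFC1464-style "ASRG.MTA=yes" TXT records, which must be picked out of whatever else sits on the in-addr.arpa name and parsed tolerantly, with the later dedicated `_perm._smtp._srv.<reversed-ip>.in-addr.arpa` name whose single answer is "1" or "0". The zone data is constructed inline (no real DNS is queried), the `_perm` label is a parameter so the suggested `_mta` rename can be tried, and the `relay_decision` function is an assumed policy that mirrors the point made above: a "no public mailserver" hint does not refuse mail, it only means the receiving MTA should require something extra such as SMTP AUTH.

```python
"""MTAMARK-style reverse-DNS hints: old parsed-TXT layout vs. dedicated name.

Constructed example for this thread; the zone below is fake data, and the
decision policy at the end is an assumption, not anything a draft mandates.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed zone data: owner name -> list of TXT strings.
# A real resolver would return these from the in-addr.arpa tree.
ZONE: Dict[str, List[str]] = {
    # Old layout: the hint shares the PTR name with unrelated TXT records.
    "8.0.30.195.in-addr.arpa.": ["v=spf1 -all", "ASRG.MTA=yes"],
    "1.0.30.195.in-addr.arpa.": ["ASRG.mta = No"],   # mixed case + whitespace
    "2.0.30.195.in-addr.arpa.": ["some unrelated text"],
    # New layout: one dedicated name, one answer, nothing to parse.
    "_perm._smtp._srv.8.0.30.195.in-addr.arpa.": ["1"],
    "_perm._smtp._srv.1.0.30.195.in-addr.arpa.": ["0"],
}


def reverse_name(ip: str) -> str:
    """195.30.0.8 -> '8.0.30.195.in-addr.arpa.' (validates the address)."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."


def mtamark_name(ip: str, label: str = "_perm") -> str:
    """Dedicated lookup name; '_perm' is the label used in the message,
    '_mta' is the proposed replacement, so it is a parameter here."""
    return f"{label}._smtp._srv.{reverse_name(ip)}"


def lookup_txt(name: str, zone: Dict[str, List[str]] = ZONE) -> List[str]:
    """Stand-in for a TXT query against the constructed zone."""
    return zone.get(name, [])


def naive_old_style_hint(ip: str, zone=ZONE) -> Optional[bool]:
    """Exact-match parser: the pitfall the message warns about.
    'ASRG.mta = No' is silently treated as 'no hint'."""
    for txt in lookup_txt(reverse_name(ip), zone):
        if txt == "ASRG.MTA=yes":
            return True
        if txt == "ASRG.MTA=no":
            return False
    return None


# Tolerant form: attribute name case-insensitive, whitespace around '=' allowed.
_ATTR = re.compile(r"^\s*ASRG\.MTA\s*=\s*(\S+)\s*$", re.IGNORECASE)


def old_style_hint(ip: str, zone=ZONE) -> Optional[bool]:
    """Pick the ASRG.MTA attribute out of all TXT records on the PTR name."""
    for txt in lookup_txt(reverse_name(ip), zone):
        m = _ATTR.match(txt)
        if m:
            value = m.group(1).lower()
            if value in ("yes", "1"):
                return True
            if value in ("no", "0"):
                return False
            return None  # present but unparseable: treat as no hint
    return None  # no attribute among the records


def new_style_hint(ip: str, zone=ZONE, label: str = "_perm") -> Optional[bool]:
    """Dedicated name: exactly one answer, '1' or '0'; anything else is no hint."""
    answers = lookup_txt(mtamark_name(ip, label), zone)
    if answers == ["1"]:
        return True
    if answers == ["0"]:
        return False
    return None


def relay_decision(ip: str, authenticated: bool, zone=ZONE) -> str:
    """Assumed receiving-MTA policy: a 'not a public mailserver' hint never
    refuses the connection outright; it requires extra authentication
    (e.g. SMTP AUTH) instead. No hint, or a positive hint, is accepted."""
    hint = new_style_hint(ip, zone)
    if hint is False and not authenticated:
        return "require-auth"
    return "accept"


if __name__ == "__main__":
    for ip in ("195.30.0.8", "195.30.0.1", "195.30.0.2"):
        print(ip, mtamark_name(ip, "_mta"),
              "naive:", naive_old_style_hint(ip),
              "old:", old_style_hint(ip),
              "new:", new_style_hint(ip),
              "unauth:", relay_decision(ip, authenticated=False))
```

Running it shows the difference the message describes: the naive exact-match parser loses the hint on `195.30.0.1` because of "ASRG.mta = No", the tolerant parser recovers it, and the dedicated-name query needs no parsing at all while still letting an authenticated roaming user through.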