ietf-mxcomp

Re: Intermediate MTA setting MAIL-From

2004-03-23 17:44:51

On Tue, Mar 23, 2004 at 04:20:12PM -0800, Dave Crocker wrote:
> Mark,
>
> Who has authority to set the mailfrom?
> MCL> The original sending entity, plus any MX handling the mail.
>
> Huh?  Why should an MX (i.e., a relay) have authority to redirect bounces?

Well, I agree that bounces should go to some source capable of reacting
to them, and that one of those bounce recipients should be the
originating entity, but must that source be the original sender only?

[snip and apologies.  I had laid out a scenario in which the MX would
rewrite the ENVELOPE-FROM, and act on bounces for the originating
entity, but I realized in writing it that what I was describing was a
system in which mail is forwarded on behalf of the originating entity.
Thus, there's no need to rewrite ENVELOPE-FROM...it should always be the
originating entity.  Thank you, Dave, for helping me think that
through.]

However, would allowing the MX to _correct_ a fraudulent ENVELOPE-FROM
submitted by the originating entity be a scenario in which someone other
than the originating entity has the authority to set ENVELOPE-FROM?
If one assumes that the MX has authenticated the originating entity
prior to allowing mail transfer, the MX would be in a position to
determine whether the ENVELOPE-FROM sent by the originating entity was
valid.

> MX is outbound, not inbound.   There is no such thing as a "receiving
> MX".

Sorry.  That should have been MTA.  I was thinking in DNS record terms.
It's moot now, however, given the above.
> All of the proposals under discussion provide a formal authentication
> mechanism.  That's what I mean by authentic.


The broadest use of the term, then.  I was reading too much into it.


> What will be better?
> MCL> I think additional checks would be beneficial, but I see no reason to
> MCL> exclude a check on ENVELOPE-FROM.
>
> Folks need to start paying attention to aggregate costs.  They also need
> to pay attention to steps that do not provide significant improvements.
> A security mechanism with wasteful requirements winds up being less
> secure.

I didn't mean to suggest that an acceptable solution would be one in
which only ENVELOPE-FROM checks were performed.  The most benefit may be
derived from multiple checks that support one another, none sufficient
in themselves, except in very small problem spaces.

-- 
Mark C. Langston                                    Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org                                       
mark(_at_)seti(_dot_)org
Systems & Network Admin                                SETI Institute
http://bitshift.org                               http://www.seti.org
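A concrete form of the check Mark raises in the message above (an MTA that has authenticated the originating entity deciding whether the ENVELOPE-FROM it was handed is valid, and either rejecting or correcting it), as an added example; this is not code from the thread or from any real MTA, and the Account/Policy structures, the accept/reject/rewrite decisions and the sample addresses are constructed for illustration:

```python
"""Submission-time ENVELOPE-FROM policy check (constructed example).

An MTA that has authenticated the originating entity (e.g. via SMTP AUTH)
decides whether the MAIL FROM it was handed is one that entity may use,
and either rejects it or corrects it to the authenticated identity.
"""
from dataclasses import dataclass
from typing import Dict, Set

@dataclass
class Account:
    canonical: str      # address substituted when the MTA "corrects" MAIL FROM
    allowed: Set[str]   # exact addresses, or "@domain" to allow a whole domain

@dataclass
class Policy:
    accounts: Dict[str, Account]   # authenticated login -> what it may send as
    rewrite: bool = False          # False: reject bad senders; True: correct them

@dataclass
class Verdict:
    action: str        # "accept", "reject" or "rewrite"
    mail_from: str     # reverse-path the MTA should relay with
    reason: str = ""

def normalize(addr: str) -> str:
    """Strip surrounding whitespace and angle brackets; lower-case for comparison."""
    addr = addr.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    return addr.lower()

def check_mail_from(auth_user: str, mail_from: str, policy: Policy) -> Verdict:
    sender = normalize(mail_from)
    if sender == "":
        # Null reverse-path (<>): a bounce; no sender identity is being asserted.
        return Verdict("accept", "", "null reverse-path")
    account = policy.accounts.get(auth_user)
    if account is None:
        return Verdict("reject", sender, f"unknown authenticated user {auth_user!r}")
    domain = sender.rsplit("@", 1)[1] if "@" in sender else ""
    if sender in account.allowed or ("@" + domain) in account.allowed:
        return Verdict("accept", sender)
    reason = f"{sender} is not an authorized sender for {auth_user!r}"
    if policy.rewrite:
        return Verdict("rewrite", account.canonical, reason)
    return Verdict("reject", sender, reason)
```

Whether to reject or rewrite is the policy choice the thread is debating; the function keeps that as a switch so either behaviour can be tested against the same accounts.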