----- Original Message -----
From: "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>
To: <ietf-smtp(_at_)imc(_dot_)org>
Cc: "Keith Moore" <moore(_at_)cs(_dot_)utk(_dot_)edu>
Sent: Wednesday, June 15, 2005 8:53 PM
Subject: Re: request discussion of two documents on SMTP relaying
| Submission servers MUST NOT disclose the authenticated
| identity of the originator of a message (in the Sender,
| Received, or any other fields, or in the message body, or
| in any SMTP command) unless that identity also appears in
| the originator-supplied MAIL FROM field, From header field,
| or Reply-To header field.
This MUST NOT doesn't fly with option 8.1 in 2476 / 2476bis.
Althougth you point out a conflict, I personally have concerns with any
considerations that introduce potential privacy concerns. This is the
problem with SUBMITTER proposal.
From my standpoint 2476 "legalized" the strong authentication requirement
that removed all user privacy rights.
| An SMTP server SHOULD treat an incoming message as a
| submission if the SMTP server exists for only the purpose of
| mail submission, the server is not listed as an mail
| exchanger for any of the domains associated with the MRN, and
| the server is not otherwise advertised as a mail relay.
I'm not sure what Hector will say about this. In some cases an
MTA just "knows" that it's used as MSA. Okay, "only" a SHOULD.
I'm not sure what context is describe in which "hector" will comment
about this. Our server is a complete MSA/MTA/MDA system that
is fundamentially based on:
- No Authorization is required for Final Destination Mail
- Authorization required for routing.
The only new concept added to our SMTP server is that the Return Path (MAIL
FROM) must be verifiable - spoofed or otherwise - it must not be junk and it
must reflect a valid MX host - zombie or otherwise.
Since authorization is a prearrange relationship, return path validation
overhead is deemed unnecessary.
| MONs SHOULD encourage users to configure their MUAs to use
| Submission servers (rather than SMTP servers) to submit mail.
Yes, that's exactly what you want. And your definition of MSA
doesn't cover "smarthost". That's a major difference from the
2476 terminology if I understand it correctly. I've no problem
with your goal by itself.
But if ESMTP AUTH or IP relay checking is enforced for ISP users, then port
587 is a mute point.
Is it not only me who has difficulties with your terminology ?
Something's odd, SMTP servers intended to provide submission
services (maybe among other services) _are_ submission servers.
Well, we need to clarify that MSA is not necessary a 2476 based SMTP server
usually reflected as a "SUBMISSION" server.
But as I pointed out, to me, RFC 2476 is just an ENFORCEMENT that legalizes
the requirement to use ESMTP AUTH where otherwise is an optional protocol.
No more, no less. You certainly do not need to use port 587 to perform
ESMTP AUTH.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com