[Top] [All Lists]

Re: request discussion of two documents on SMTP relaying

2005-06-18 10:11:46

| Submission servers MUST NOT disclose the authenticated
| identity of the originator of a message (in the Sender,
| Received, or any other fields, or in the message body, or
| in any SMTP command) unless that identity also appears in
| the originator-supplied MAIL FROM field, From header field,
| or Reply-To header field.

This MUST NOT doesn't fly with option 8.1 in 2476 / 2476bis.

Althougth you point out a conflict, I personally have concerns with any
considerations that introduce potential privacy concerns.  This is the
problem with SUBMITTER proposal.

From my standpoint 2476 "legalized" the strong authentication requirement
that removed all user privacy rights.

I believe this needs to be revisited, as the ability to send anonymous mail is socially valuable. Recipients need to be able to block anonymous mail if they wish to do so, but the MTS should not block it for them.

| An SMTP server SHOULD treat an incoming message as a
| submission if the SMTP server exists for only the purpose of
| mail submission, the server is not listed as an mail
| exchanger for any of the domains associated with the MRN, and
| the server is not otherwise advertised as a mail relay.

I'm not sure what Hector will say about this.  In some cases an
MTA just "knows" that it's used as MSA.  Okay, "only" a SHOULD.

I'm not sure what context is describe in which "hector" will comment
about this.   Our server is a complete MSA/MTA/MDA system that
is fundamentially based on:

    - No Authorization is required for Final Destination Mail
    - Authorization required for routing.

The only new concept added to our SMTP server is that the Return Path (MAIL
FROM) must be verifiable - spoofed or otherwise - it must not be junk and it
must reflect a valid MX host  - zombie or otherwise.

Not that this is relevant to either of the documents under discussion, but it's not consistent with current standards to require that there be an MX record for the domain portion of the MAIL FROM address. It is still valid to have only an A record for that address, or for that matter, only a AAAA record for that address (though in the latter case the address isn't likely to get much mail for awhile).

Since authorization is a prearrange relationship, return path validation
overhead is deemed unnecessary.

| MONs SHOULD encourage users to configure their MUAs to use
| Submission servers (rather than SMTP servers) to submit mail.

Yes, that's exactly what you want.  And your definition of MSA
doesn't cover "smarthost".  That's a major difference from the
2476 terminology if I understand it correctly.  I've no problem
with your goal by itself.

But if ESMTP AUTH or IP relay checking is enforced for ISP users, then port
587 is a mute point.

No it's not, first because source IP address checking and many forms of SMTP AUTH are broken for reasons mentioned earlier; second because it's not reasonable to assume that either all transactions from a particular IP address are submissions or all of them are relays. Submission is (or should be) a different operation than relaying in many respects, and it's important that there be a clear indication of which operation is being requested.

Is it not only me who has difficulties with your terminology ?

Something's odd, SMTP servers intended to provide submission
services (maybe among other services) _are_ submission servers.

Well, we need to clarify that MSA is not necessary a 2476 based SMTP server
usually reflected as a "SUBMISSION" server.

But as I pointed out, to me, RFC 2476 is just an ENFORCEMENT that legalizes
the requirement to use ESMTP AUTH where otherwise is an optional protocol.
No more, no less.

well RFC 2476 does say more than that.


<Prev in Thread] Current Thread [Next in Thread>