ietf-smtp
[Top] [All Lists]

Re: 2821bis ABNF diff

2005-09-08 19:45:13

On Fri, Sep 09, 2005 at 02:02:21AM +0100, Tony Finch wrote:

- top priority, crap like "helo xyzzy" or "ehlo oemcomputer"
  is acceptable for an MSA (ater SMTP AUTH or similar), but
  not from unknown strangers.  It's _wrong_ for (2)821(bis).

  "We" (I hope) want to harden both "hellos", among others.

At the moment this is an operational problem, not a protocol problem. The
standard, backed up by decades of practice, is too weak for an MTA to
treat the EHLO hostname with any strictness.

I beg to differ.

Rfc821 has this to say:

"HELO <SP> <domain> <CRLF>"

Entire section 3.7, especially this part:
  "Whenever domain names are used in SMTP only the official names
   are used, the use of nicknames or aliases is not allowed."

This paragraph in 4.1.2:
 "Sometimes a host is not known to the translation function and
  communication is blocked.  To bypass this barrier two numeric
  forms are also allowed for host "names".  One form is a decimal
  integer prefixed by a pound sign, "#", which indicates the
  number is the address of the host.  Another form is four small
  decimal integers separated by dots and enclosed by brackets,
  e.g., "[123.255.37.2]", which indicates a 32-bit ARPA Internet
  Address in four 8-bit fields."

The glossary:
  "domain"
     "The hierarchially structured global character string address of a
      host computer in the mail system."

Clearly the restrictions are: FQDN, or a specific numeric form but
only if there is no FQDN and communication is blocked as a result.


To be fair, I should also point out that RFC821 does not allow
labels to be two characters (or one) and/or start with a digit:

   <domain>      ::= <element> | <element> "." <domain>
   <element>     ::= <name> | "#" <number> | "[" <dotnum> "]"
   <name>        ::= <a> <ldh-str> <let-dig>
   <ldh-str>     ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
   <let-dig-hyp> ::= <a> | <d> | "-"
   <let-dig>     ::= <a> | <d>
   <a>           ::= any one of the 52 alphabetic characters A through Z
                             in upper case and a through z in lower case
   <d>           ::= any one of the ten digits 0 through 9

An additional problem is that this BNF allows "[12.34.56.78].abc.#123".

Domains were a new concept at that time, small mistakes are to be expected.
Labels less than three characters long weren't invented yet, at that time
labels starting with a digit weren't allowed.  Updated BNF:

   <domain>      ::= <names> | <numbers>
   <numbers>     ::= "#" <number> | "[" <dotnum> "]"
   <names>       ::= <name> | <name> "." <names>
   <name>        ::= <name1> | <name2> | <name3>
   <name1>       ::= <let-dig>
   <name2>       ::= <let-dig> <let-dig>
   <name3>       ::= <let-dig> <ldh-str> <let-dig>
   <ldh-str>     ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
   <let-dig>     ::= <a> | <d>
   <a>           ::= any one of the 52 alphabetic characters A through Z
                             in upper case and a through z in lower case
   <d>           ::= any one of the ten digits 0 through 9

ABNF allows a couple of short cuts:

   domain        = names | numbers
   numbers       = ("#" number) | ("[" dotnum "]")
   names         = *(name ".") name
   name          = 1*(ALPHA | DIGIT) *( *(ALPHA | DIGIT | "-") (ALPHA | DIGIT) )

("#" number  is now obsoleted; need ipv6 variant in return)

I'm pretty sure there is an empty label at the top of the DNS tree, so it
probably should be corrected further:
   names         = *(name ".") name
change into
   names         = *(name ".") name "."

but that would have a really huge impact I guess.

Alex

<Prev in Thread] Current Thread [Next in Thread>