On Jun 7, 2011, at 1:18 PM, John Levine wrote:
BTW: Received header fields have always been discussed (not always in a
consistent way) in both the x821 and x822 documents (and probably
earlier than that as well). So you do need to look in both documents to
be sure what you propose is OK :)
Yes, I looked. The syntax in RFC 5322 is considerably looser than in
5321, so 5321 is the spec that matters in this case.
I'm not unalterably opposed to [ip]:port but I worry that it would break
more header parsers than adding a port or lport/rport clause.
parsers that rely on the syntax of comments in received fields should expect to
be broken occasionally.
I don't have a strong opinion between
Received: from ppsw-41.csi.cam.ac.uk ([131.111.8.141]:46703)
by mail.highwayman.com ([10.1.2.3]:25) with esmtp (Exim 4.76)
(envelope-from <rnc1(_at_)cl(_dot_)cam(_dot_)ac(_dot_)uk>)
id 1QTwHl-000JhQ-W1
for richard(_at_)highwayman(_dot_)com; Tue, 07 Jun 2011 14:25:34 +0100
and
Received: from ppsw-41.csi.cam.ac.uk ([131.111.8.141] port 46703)
by mail.highwayman.com ([10.1.2.3] port 25) with esmtp (Exim 4.76)
(envelope-from <rnc1(_at_)cl(_dot_)cam(_dot_)ac(_dot_)uk>)
id 1QTwHl-000JhQ-W1
for richard(_at_)highwayman(_dot_)com; Tue, 07 Jun 2011 14:25:34 +0100
but I do think the former is an extension of a very common convention and is
likely to be readily understood.
Keith
p.s. Though this does beg the question: how useful is it to log port numbers
when there's a very good chance that one or both ends are behind one or more
layers of NATs that don't log state changes? I understand and agree with the
notion that LSN will dilute the value of IP addresses as source identifiers.
But as far as I can tell, they are already of pretty marginal value even
without LSN.