ietf-smtp

Re: [ietf-smtp] Is this a new bad i18n idea?

2014-05-22 11:04:46


--On Thursday, 22 May, 2014 08:05 -0700 Ned Freed
<ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote:

...
Let's say your mail server gets a RCPT TO
for a domain it doesn't recognize, e.g. RCPT TO:<bob@f?om>.
Before it rejects it, it does a DNS lookup, and let's say it
finds this CNAME:
 
     f?om. IN CNAME foo.com.

It treats the message as though it were to bob@foo.com.*
Poof, you just set up the CNAMEs or DNAMEs and the mail
server handles them automagically.

I can think of a variety of reasons this would be a bad idea,
but before I start enumerating them, has someone done it
before?

I've never seen a writeup of the issues anywhere.

I haven't either, except for 

(1) one case mentioned fairly often (and coincidentally
explained in a lecture today that I'll eventually get online):
it won't work in any predictable way, resulting in user
astonishment.  

(2) The example, as written, is simply invalid.  SMTP does not
allow single-label domains.  They are explicitly prohibited in
5321 and its predecessors.  We've had several conversations
about doing that and concluded not to.  So, if the example SMTP
server does that DNS lookup, it is in violation of the spec and
nothing meaningful can be said about what is done with it.

For the first case and more generally, the problem is that these
examples keep getting written the way this one was, as bob@f?om
or bob@b?ar.f?om.  If f?om and b?ar are intended to represent
IDN labels, the first case is invalid (see above) and the second
one involves the "you only get one shot at an alias" problem,
e.g., if 
   f?om. IN CNAME foo.com.
exists, then there can be no b?ar.f?om because "f?om" usually
cannot have both a CNAME and a delegation record.   b?ar\.f?om)
is another matter, but let's not go there and there is some
question about what happens when a zone break does not occur,
adding up to a situation in which very similar FQDNs get very
different treatment.

If they do not represent, both cases are invalid because 5321
does not allow "?" in a domain name (remember that the DNS specs
cite SMTP as the reason for the "preferred syntax" (aka "LDH")
recommendation).  

FWIW, while we removed the restriction that required canonical
names, a discussion with Jon Postel prior to the DRUMS
conclusions identified little issues like the above as part of
the reason the prohibition existed initially, along with the
observation that one could get entirely different behavior out
of the (entirely flat) host table.

    john

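The "one shot at an alias" constraint discussed in the message can be checked mechanically. The following is an added example, not part of the original message: the zone data and all names in it (alias.example, foo.example) are constructed, and the rule it applies is the RFC 1034 section 3.6.2 restriction on a CNAME coexisting with other data.

```python
# Added illustration; the zone data below is constructed, not from the thread.
from collections import defaultdict

# (owner, type, rdata) triples for one hypothetical parent zone.
ZONE = [
    ("alias.example.", "CNAME", "foo.example."),
    ("alias.example.", "NS", "ns1.alias.example."),  # delegation at the alias: conflict
    ("sub.alias.example.", "A", "192.0.2.10"),        # no zone break: same zone as alias
    ("foo.example.", "MX", "10 mx.foo.example."),
    ("mx.foo.example.", "A", "192.0.2.25"),
]

# Types that may legitimately sit beside a CNAME (DNSSEC metadata).
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}


def normalize(name):
    """Lower-case and make absolute so owner names compare consistently."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def cname_conflicts(zone):
    """Return {owner: other types} for owners holding a CNAME plus other data.

    RFC 1034 section 3.6.2: if a CNAME RR is present at a node, no other
    data should be present, so an alias cannot also carry a delegation.
    """
    types = defaultdict(set)
    for owner, rtype, _ in zone:
        types[normalize(owner)].add(rtype.upper())
    return {o: sorted(t - ALLOWED_WITH_CNAME) for o, t in types.items()
            if "CNAME" in t and t - ALLOWED_WITH_CNAME}


def names_below_alias(zone):
    """Return owners beneath a CNAME owner; the alias does not cover them."""
    owners = {normalize(o) for o, _, _ in zone}
    aliases = {normalize(o) for o, t, _ in zone if t.upper() == "CNAME"}
    return sorted(o for o in owners for a in aliases if o.endswith("." + a))


if __name__ == "__main__":
    print("CNAME plus other data:", cname_conflicts(ZONE))
    print("Names the alias does not rewrite:", names_below_alias(ZONE))
```

A mail server that followed the CNAME for the alias itself would still treat the name beneath it on that name's own records, which is the "very similar FQDNs get very different treatment" outcome.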