On 12/31/2019 1:23 PM, Keith Moore wrote:
> On 12/31/19 12:33 PM, Hector Santos wrote:
>> I have two SMTP compliancy-based deterministic filters:
>> - Machine name ip-literal matching connecting ip because SMTP tells
>> us it is defined as the IP address of the connecting client, and
>
> This is something that should be clarified in 5321bis, IMO.

You pointed out much of this. I see four basic issues:
a) Get rid of it,
b) Double down on its original purpose and field definition,
c) Clarify whether either a FQDN or IP-Literal can be used, and
d) Provide rejection insights focused on SMTP compliancy.

With hosted end-users, the false positives seen with NATs have been
addressed with the SUBMIT protocol or some other client authentication
that raised the SMTP bar and allowed for receiver restrictions.

With SUBMIT, the wcSMTP server will relax EHLO validation since the
session is expected to be ESMTP AUTHenticated. It was the first thing
seen when I added the IP-literal check. I privately and publicly
noted to the SUBMIT editors the implementation experience because
SUBMIT would allow for "authorized" EHLO validation and rejection.
But to me, it would be unnecessary under an expected ESMTP AUTH session.
ietf-smtp mailing list
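
The IP-literal filter discussed in this message, sketched as an added example (not wcSMTP's code and not part of the original post): an EHLO address literal is compared with the connecting IP, and the check is relaxed on the submission port where an authenticated session is expected. The function names, verdict strings, and the use of port 587 to identify SUBMIT are assumptions made for illustration.

```python
import ipaddress

SUBMISSION_PORT = 587  # assumption: SUBMIT sessions are identified by port


def parse_address_literal(ehlo_arg):
    """Return an IP address object for an RFC 5321 address literal.

    Returns None when the argument is not bracketed (domain-name form).
    Raises ValueError when the bracketed text is not a valid address.
    """
    if not (ehlo_arg.startswith("[") and ehlo_arg.endswith("]")):
        return None
    inner = ehlo_arg[1:-1]
    if inner[:5].upper() == "IPV6:":  # IPv6 literals carry an "IPv6:" tag
        return ipaddress.IPv6Address(inner[5:])
    return ipaddress.IPv4Address(inner)


def _unmap(ip):
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; compare
    # those as plain IPv4 so a correct literal is not rejected.
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def ehlo_literal_verdict(ehlo_arg, peer_ip, local_port):
    """Classify an EHLO argument (hypothetical verdict names)."""
    if local_port == SUBMISSION_PORT:
        return "relaxed"  # session is expected to use ESMTP AUTH
    try:
        literal = parse_address_literal(ehlo_arg)
    except ValueError:
        return "syntax-error"  # bracketed, but not an address
    if literal is None:
        return "not-literal"  # FQDN form, outside this filter
    peer = _unmap(ipaddress.ip_address(peer_ip))
    return "accept" if _unmap(literal) == peer else "reject"


if __name__ == "__main__":
    # Constructed sample sessions: (EHLO argument, connecting IP, local port)
    for args in [("[192.0.2.10]", "192.0.2.10", 25),
                 ("[192.168.1.5]", "203.0.113.7", 25),   # client behind NAT
                 ("[192.168.1.5]", "203.0.113.7", 587)]:
        print(args, "->", ehlo_literal_verdict(*args))
```

The second sample is the NAT false positive mentioned above: the client announces its private address while the server sees the translated one.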