On Wed, Jun 06, 2007 at 10:32:13AM -0400,
The IESG <iesg-secretary(_at_)ietf(_dot_)org> wrote
a message of 30 lines which said:
- 'Email Submission: Access and Accountability '
<draft-hutzler-spamops-07.txt> as a BCP
It seems that there is not a lof of content left from the first, much
more normative versions of this document, which were issued a long
time ago.
Among what is left, I'm concerned about section 3.1 "Best Practices
for Submission Operation" which says "It is also suggested that
operators standardize on the SUBMISSION port for both external AND
LOCAL users for simplicity." and "MSAs MUST perform authentication on
the identity asserted during all mail transactions on the SUBMISSION
port".
Since section 5 "Message Submission Authentication/Authorization
Technologies" mentions only SMTP AUTH and TLS, does it mean that
authentication by IP addresses is forbidden? I ask so because it is
currently the most common way to weakly authenticate local users. Is
it covered by "Depending upon the environment, different mechanisms
can be more or less effective and convenient"?
Side note: on Unix, will cron be forced to authenticate to send emails
at 2 am? :-)
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf