spf-discuss

Re: Possible SPF machine-domain loophole???

2004-03-01 11:54:42
On Sun, 2004-02-29 at 17:55, list+spf-discuss(_at_)doeblitz(_dot_)net wrote:
> --On Sunday, February 29, 2004 16:08:42 -0500 Theo Schlossnagle
> <jesus(_at_)omniti(_dot_)com> wrote:
> > Maybe someone can explain to me why this is an issue at all.  If we are
> > in here mucking with the MTA anyway (for SPF) why don't we just mandate
> > that the MTA does away with putting the domain in the Received header
> > like that.
>
> Because RFC2821 states the exact opposite:
>
>    -  The FROM field, which MUST be supplied in an SMTP environment,
>       SHOULD contain both (1) the name of the source host as presented
>       in the EHLO command and (2) an address literal containing the IP
>       address of the source, determined from the TCP connection.

Note that you MUST supply the FROM field, however it SHOULD contain both
the ehlo string and the address.  RFC 2119 section 3 states:

"3. SHOULD   This word, or the adjective "RECOMMENDED", mean that there 
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course."

Not being able to intelligently determine that the string passed via
ehlo and the address that is connecting are in fact related sounds like 
a fairly valid reason in this circumstance to not include the ehlo
string to me.  So what we really need to determine is whether or not
leaving that information out will have consequences other than
uneducated users no longer misinterpreting the header.  We should not
reject the idea entirely because precedent has always been to include
both components in the header.

> This is just because the client could use either an FQDN or an address
> literal - you on the other hand have to record exactly what the client
> sent you (and you may put any additional info into comments).

Again, you should, but you don't have to record what the client sent you
via the ehlo.

-- 
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.
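The "from" clause the thread is arguing over, as an added example that is not code from the thread or from any SPF or MTA implementation: it splits a Received header into the part the client asserted (the EHLO string) and the part the receiver derived from the TCP connection (the address literal), then checks whether the two are related. The sample headers, the stand-in forward-DNS table and every host name and address in it are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample Received headers (not taken from the thread). In each
# "from" clause the first token is the EHLO/HELO name exactly as the client
# sent it; only the address literal in [brackets] comes from the TCP peer.
SAMPLE_HEADERS = [
    # EHLO name resolves to the connecting address
    "Received: from mail.example.com (mail.example.com [192.0.2.10]) "
    "by mx.example.net with ESMTP id 1ABC; Sun, 29 Feb 2004 16:08:42 -0500",
    # EHLO name is a claim the connecting address does not back up
    "Received: from smtp.bank.example (unknown [203.0.113.77]) "
    "by mx.example.net with ESMTP id 1ABD; Sun, 29 Feb 2004 16:09:01 -0500",
    # client sent an address literal in EHLO instead of a name
    "Received: from [198.51.100.5] (host5.isp.example [198.51.100.5]) "
    "by mx.example.net with ESMTP id 1ABE; Sun, 29 Feb 2004 16:09:30 -0500",
    # an MTA that recorded only the EHLO string: nothing left to check
    "Received: from mail.example.com by mx.example.net with SMTP id 1ABF; "
    "Sun, 29 Feb 2004 16:10:00 -0500",
]

# Constructed stand-in for DNS: the forward lookups a receiver could do to
# test whether the EHLO string and the connecting address are related.
FAKE_FORWARD_DNS = {
    "mail.example.com": {"192.0.2.10"},
    "smtp.bank.example": {"192.0.2.200"},
    "host5.isp.example": {"198.51.100.5"},
}

FROM_CLAUSE = re.compile(
    r"\bfrom\s+(?P<ehlo>\S+)"        # Extended-Domain: what the client said in EHLO
    r"(?:\s*\((?P<tcp>[^)]*)\))?",   # optional "(" TCP-info ")" added by the receiver
    re.IGNORECASE,
)
ADDR_LITERAL = re.compile(r"\[(?P<ip>[0-9a-fA-F:.]+)\]")


def parse_received(header):
    """Split the "from" clause into the client-asserted part and the
    connection-derived part. Returns None if there is no "from" clause."""
    m = FROM_CLAUSE.search(header)
    if not m:
        return None
    ehlo = m.group("ehlo")
    tcp_info = m.group("tcp") or ""
    addr = ADDR_LITERAL.search(tcp_info)
    # Text in TCP-info before the literal is the receiver's own reverse
    # lookup (often "unknown"); the client did not choose it either.
    if addr:
        rdns = tcp_info[: addr.start()].strip() or None
    else:
        rdns = tcp_info.strip() or None
    is_literal = ehlo.startswith("[")
    return {
        "ehlo": ehlo.strip("[]") if is_literal else ehlo,
        "ehlo_is_literal": is_literal,
        "peer_ip": addr.group("ip") if addr else None,
        "reverse_name": rdns,
    }


def ehlo_consistent(parsed, forward_dns=FAKE_FORWARD_DNS):
    """True/False when the EHLO string can be compared with the connecting
    address, None when the header recorded no address literal at all."""
    ip = parsed["peer_ip"]
    if ip is None:
        return None
    if parsed["ehlo_is_literal"]:
        return ip_address(parsed["ehlo"]) == ip_address(ip)
    resolved = forward_dns.get(parsed["ehlo"].lower(), set())
    return ip_address(ip) in {ip_address(a) for a in resolved}


def audit(headers=SAMPLE_HEADERS):
    """Return (ehlo, peer_ip, verdict) per header. 'MISMATCH' is exactly the
    case a reader misreads when they take the EHLO name as authenticated."""
    out = []
    for h in headers:
        p = parse_received(h)
        if p is None:
            continue
        v = ehlo_consistent(p)
        verdict = "unverifiable" if v is None else ("consistent" if v else "MISMATCH")
        out.append((p["ehlo"], p["peer_ip"], verdict))
    return out


if __name__ == "__main__":
    for ehlo, ip, verdict in audit():
        print(f"{verdict:12} EHLO={ehlo!r} peer={ip}")
```

The check is deliberately one-directional: a forward lookup of the EHLO name that includes the peer address is treated as consistent, while a name that resolves elsewhere (or not at all) is a mismatch, and a header that never recorded the address literal cannot be judged, which is the situation the thread's argument about SHOULD versus MUST turns on.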

