On Tue, May 10, 2005 at 02:54:33PM +0200, Julian Mehnle wrote:
> > Generally internal MTAs fully trust their border MTAs not to lie (and
> > they know who these trusted MTAs are), but there's no way for an MUA
> > reading the mail that passed through the internal MTA to tell where the
> > internal trust border ended.
(I should have added "without something like X-Trust-Previous-Hop:".)
> Yes, there is. Do an MX lookup on the receiver domain.
Problems:
1. I don't fully understand how that's supposed to work.
How do MX lookups within an example.com domain let you
define a trust map within example.com of which machines
fully and completely trust which other machines as far
as email is concerned?
2. It requires "internal" MX lookups to be externally accessible,
and match the external answers.
(For instance, if a data-center machine wants to connect to a
particular internal mailserver, and it asks for an MX within
the data center network, it might get a different answer than
an MX query made elsewhere.)
3. It requires the MUA to have an internet connection to simply
interpret and display authentication results.
Looking at this set of abbreviated email headers:
Return-Path <user(_at_)example(_dot_)com>
X-Trust-Previous-Hop:
Received: from machine5.example.com
X-Trust-Previous-Hop:
Received: from machine4.example.com
X-Trust-Previous-Hop:
Received: from machine3.example.com <-- Border MTA
Received: from machine2.example.com
Received: from machine1.example.com
Received: from machine0.example.com
machine3.example.com is the border MTA, which accepted an email whose
first Received: line falsely claimed to be within the example.com
domain.
By looking at X-Trust-Previous-Hop, an MUA can 100% of the time
immediately see that it can trust claims back through the "Received:
from machine3.example.com" line.
By doing MX queries, I don't see how that's the case.
--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com
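As an added illustration of the header walk described in this message (example code, not part of the original thread or any project mentioned in it), the function below reads a header block top-down and splits the Received: trace at the border MTA using the proposed X-Trust-Previous-Hop: marker. The sample headers are constructed, and include a forged marker below the border to show that it must be ignored.

```python
"""Split a Received: trace into trusted and unverifiable hops using the
proposed X-Trust-Previous-Hop: marker.  Reading newest-hop-first, each
marker is written by the same MTA as the Received: line directly below it
and vouches for the host named there.  The first Received: line without a
marker was written by the border MTA; everything below it came from outside."""
from typing import Dict, List

# Constructed sample, modelled on the abbreviated headers in the message.
# The marker above "machine1" is a forgery that arrived with the message.
SAMPLE_HEADERS = """\
Return-Path: <user@example.com>
X-Trust-Previous-Hop:
Received: from machine5.example.com
X-Trust-Previous-Hop:
Received: from machine4.example.com
X-Trust-Previous-Hop:
Received: from machine3.example.com
Received: from machine2.example.com
X-Trust-Previous-Hop:
Received: from machine1.example.com
Received: from machine0.example.com
"""

def _host(received_value: str) -> str:
    """'from machine5.example.com (...)' -> 'machine5.example.com'."""
    words = received_value.split()
    if not words:
        return ""
    return words[1] if words[0] == "from" and len(words) > 1 else words[0]

def split_trust(headers: str) -> Dict[str, List[str]]:
    """Return vouched-for hops, the border MTA's own record of the
    connecting host, and the lines that cannot be verified."""
    out: Dict[str, List[str]] = {"trusted": [], "border_record": [], "unverified": []}
    vouched = False   # was the line just above an X-Trust-Previous-Hop:?
    inside = True     # still within the chain of trusted internal MTAs?
    for line in headers.splitlines():
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "x-trust-previous-hop":
            vouched = inside  # a marker below the border is attacker-supplied
            continue
        if name != "received":
            continue
        host = _host(value.strip())
        if inside and vouched:
            out["trusted"].append(host)
        elif inside:
            out["border_record"].append(host)  # written by the last trusted MTA
            inside = False
        else:
            out["unverified"].append(host)
        vouched = False
    return out
```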