Re: [Emailcore] MDAs (was: Re: Delivered-To issues)
Ned Freed <ned.freed@mrochek.com> Fri, 08 January 2021 17:00 UTC
Return-Path: <ned.freed@mrochek.com>
X-Original-To: emailcore@ietfa.amsl.com
Delivered-To: emailcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E56F3A1153 for <emailcore@ietfa.amsl.com>; Fri, 8 Jan 2021 09:00:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y4v-I2v2utlR for <emailcore@ietfa.amsl.com>; Fri, 8 Jan 2021 09:00:55 -0800 (PST)
Received: from plum.mrochek.com (plum.mrochek.com [172.95.64.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE99D3A1147 for <emailcore@ietf.org>; Fri, 8 Jan 2021 09:00:55 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RU4P483EHS00C5KC@mauve.mrochek.com> for emailcore@ietf.org; Fri, 8 Jan 2021 08:55:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mrochek.com; s=201712; t=1610124952; bh=kSwQBehupqPeNZNKpSPGvaP7cQMx7ybnS14P9PkWy5E=; h=Cc:Date:From:Subject:In-reply-to:References:To:From; b=mqsQebhD/NvkA/ZchWc5hxBiPIAvkZ9eGMvNfjkks57A0Dm+rWqMk/AjipCdPUomm bFMo97q6N0ivSQoYvfuCKXtsoIXb7cuiO5iHdgRQVJNZizTrJYxaBf3yMuw0ficWZe uKhlltxZOzfFnVWOGLvx6SnMGhGrPsSL4ZE0dtkw=
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: TEXT/PLAIN; CHARSET="US-ASCII"; format="flowed"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RTUUND7D1S004QVR@mauve.mrochek.com>; Fri, 8 Jan 2021 08:55:49 -0800 (PST)
Cc: Ned Freed <ned.freed@mrochek.com>, emailcore@ietf.org
Message-id: <01RU4P45I2YI004QVR@mauve.mrochek.com>
Date: Fri, 08 Jan 2021 07:30:35 -0800
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Thu, 07 Jan 2021 19:00:58 -0800" <44b4b60e-58ce-7ac1-66d3-26c59722722b@dcrocker.net>
References: <20210106170718.9F6335CC249C@ary.qy> <bc5901e1-db8c-be83-54d9-47a48d2134be@tana.it> <9AE5B08FCF664B8F9A7721C2@PSB> <c961c91c-e29a-94aa-62bd-a3c16ded14a@taugh.com> <01RU3P9I4R8W004QVR@mauve.mrochek.com> <44b4b60e-58ce-7ac1-66d3-26c59722722b@dcrocker.net>
To: Dave Crocker <dhc@dcrocker.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emailcore/raS370iXSWjc-4UCViwmU-zeyZY>
Subject: Re: [Emailcore] MDAs (was: Re: Delivered-To issues)
X-BeenThere: emailcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EMAILCORE proposed working group list <emailcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emailcore>, <mailto:emailcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emailcore/>
List-Post: <mailto:emailcore@ietf.org>
List-Help: <mailto:emailcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emailcore>, <mailto:emailcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jan 2021 17:00:57 -0000
> On 1/7/2021 3:31 PM, Ned Freed wrote: > > There's also the relatied issue that AKAIK aliases operations don't > > reenter the > > MTA through a submission operation. > > And this gets to my issues with intertwining aliasing with delivery, and > > the > > suggestion that we can just drop the discussion of aliases versus mailing > > lists. > > > > If we do this then delivery becomes a meaningless abstraction with > > no substance. And while I agree with Dave that we must not let > > implementation details define our model, I get very nervous when > > there's nothing whatsoever in my implementation - or any of several > > other implementations I'm familiar with - that corresponds to a major > > delineation in the model. > Consider: > 2.3.11. Mailbox and Address > ... > standard mailbox naming convention is defined to be > "local-part@domain"; contemporary usage permits a much broader set of > applications than simple "user names". Consequently, and due to a > long history of problems when intermediate hosts have attempted to > optimize transport by modifying them, the local-part MUST be > interpreted and assigned semantics only by the host specified in the > domain part of the address. There's just one problem with this text: This isn't true. It has never been true, and no amount of repetition, compliance language, or anything else will make it true. The obvious example, which I have pointed out many times, is when mailing lists have to decide whether or not a subscribe/unsubscribe request is a match to an address on the list. This means choosing whether or not other people's local-parts are case-sensitive. (There's also the issue of things like unnecessary quoting, which in the interests of my own sanity I'm going to ignore.) The decision is almost always that they aren't case-sensitive, because if you assume they are, the doofus who keeps losing track of his subscriptions and likes writing his or her name in various combinations of mixed caps starts complaining about getting multiple copies. But either way this is absolutely a case where the list is interpreting the local-part. Similar tests for address equality are made by filtering systems for various reasons. These tests may go so far as to assume specific formats for subaddressing. UTF-8 local-parts make this even messier. Right now I expect that i;ascii-casemap is being used, but if UTF-8 local-parts ever do see significant deployment worldwide, this may change, because I expect that people aren't any more consistent about the case of the accented characters they use than they are with the unaccented ones. Another example: Secondary MXes may use forward-caching schemes. In some cases they make educated guesses about the validity of local-parts of the domains they forward to. Sometimes they do this with knowledge about the actual host. And sometimes they just do it. More generally, delegation of authority to interpret the local-part of address happens pretty regularly. Customer requests to implement partial authority over local-parts bother me, but... the customer is always yada yada yada. And then there's SRS, which if you do the full bit involves interpreting the first four characters of a local-part specially if they happen to be "SRS0" or "SRS1". Of course it's tempting to yell, "Bad Puppy!" and get out the rolled-up newspaper to deal with some of these, but when Office 365 implements SRS... good luck. > Interpretation of Local-part is inappropriate for an MTA. Having the > Local-part be globally opaque is an important feature of Internet Mail. > (It has enabled quite a bit of easy extensibility of the decades.) The actual requirement that has been successful in practice is "interpret only when absolutely necessary, and only with consent". (Joining a mailing list means consenting to that list's rules as to how it interprets your address.) And yes, this has worked very well. But it's not the hard-and-fast rule we've documented. > That makes interpretation of local-part an MDA function. Well, if you want to define the function of an MDA and thus "delivery" as "interpret the local part and nothing else", and leave "final delivery" for adding return-path, generating DSNs, etc., that's close to being workable. You still have the problem that there needs to be a path from the MDA back to the MTA that doesn't involve the MSA or message submission, but that's doable. I don't think that's how most people interpret the word "delivery" though. > While, yes, aliasing typically goes through completely different code > paths than normal 'delivery' and 'submission', we should focus, instead, > on scope and responsibility, rather than code. FWIW it doesn't, at least not in our server. And while it's coding thing, I think some mention needs to be made of milter, if only in passing since I don't think there's anything we can do about it. Most MTAs have a well defined and well structured way of determine address locality, one that matches up to the email architecture. And since this tends to either be fully hardcoded or implemented in a base configuration that's rarely changed, it's a significant contributer to why email hasn't had that many problems with people messing around with addresses when they shouldn't. Milter changes this. Since it operates at the MTA level, and includes add and delete recipient that don't respect address ownership, it lets any yahoo who is capable of filling in the blanks in a generic milter server template do really bad things. Again, I don't think there's anything we can do about it other than to continue to hold the line on not mangling other people's addresses. But whether this and other threats justifies ignoring the complex cases in favor of delivering a simple message (sic) is the part of the decision we need to make here. > Either aliasing is in (or after) MDA functionality, or we need to define > aliasing as an integrated part of MTA functionality, which means > local-part is /not/ opaque. Translucent, maybe? > Or we need to define multiple types of MTAs. But I thought that was the > point behind defining MSA and MDA architectural components. I see the main point behind the MDA and MSA as being the places where final delivery and submission occur. This approach is also far from perfect: Among other things it makes a mess of the placement of sieve, since the sieve specification is clear that sieve can happen anywhere from right after the determination an address is local to long after final delivery. (And subsequent specifications have extended sieve to operate on message motions inside the mesage store, including messages which may never have touched the transport infrastructure, which while useful is something of an architectural disaster.) But we already have to accept that the block diagrams don't align with implementations; we may also have to accept that they oversimplify actual flows between components. (We have multiple customers who use MTAs queues to implement a backup facility for their message store. I wish I was making this up, but I'm not.) Ned
- [Emailcore] Delivered-To issues Dave Crocker
- Re: [Emailcore] Delivered-To issues John C Klensin
- Re: [Emailcore] Delivered-To issues John Levine
- Re: [Emailcore] Delivered-To issues Dave Crocker
- Re: [Emailcore] Delivered-To issues Dave Crocker
- Re: [Emailcore] Delivered-To issues John Levine
- Re: [Emailcore] Delivered-To issues John R Levine
- Re: [Emailcore] Delivered-To issues John C Klensin
- Re: [Emailcore] Delivered-To issues John R Levine
- Re: [Emailcore] Delivered-To issues John C Klensin
- Re: [Emailcore] Delivered-To issues Dave Crocker
- Re: [Emailcore] Delivered-To issues Jeremy Harris
- Re: [Emailcore] Delivered-To issues John Levine
- Re: [Emailcore] Delivered-To issues John C Klensin
- Re: [Emailcore] Delivered-To issues Jeremy Harris
- Re: [Emailcore] Delivered-To issues Dave Crocker
- Re: [Emailcore] Delivered-To issues John Levine
- Re: [Emailcore] Delivered-To issues Jeremy Harris
- Re: [Emailcore] Delivered-To issues John C Klensin
- Re: [Emailcore] Delivered-To issues John R. Levine
- Re: [Emailcore] Delivered-To issues Jeremy Harris
- Re: [Emailcore] Delivered-To issues Alessandro Vesely
- Re: [Emailcore] Delivered-To issues Alessandro Vesely
- Re: [Emailcore] Delivered-To issues Dave Crocker
- Re: [Emailcore] Return-Path and Delivered-To issu… John Levine
- Re: [Emailcore] Return-Path and Delivered-To issu… Dave Crocker
- Re: [Emailcore] Return-Path and Delivered-To issu… John R Levine
- Re: [Emailcore] Return-Path and Delivered-To issu… Dave Crocker
- Re: [Emailcore] Return-Path and Delivered-To issue Claus Assmann
- Re: [Emailcore] Return-Path and Delivered-To issu… Alessandro Vesely
- Re: [Emailcore] Delivered-To issues John Levine
- Re: [Emailcore] Delivered-To issues Alessandro Vesely
- Re: [Emailcore] Delivered-To issues Dave Crocker
- Re: [Emailcore] Delivered-To issues Dave Crocker
- Re: [Emailcore] Delivered-To issues John C Klensin
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… Dave Crocker
- [Emailcore] MDAs (was: Re: Delivered-To issues) John C Klensin
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… John R Levine
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… Dave Crocker
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… John C Klensin
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… Ned Freed
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… Dave Crocker
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… Ned Freed
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… Dave Crocker
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… Ned Freed
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… John C Klensin
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… Dave Crocker
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… Dave Crocker
- Re: [Emailcore] MDAs (was: Re: Delivered-To issue… Alexey Melnikov
- Re: [Emailcore] Delivered-To issues Brandon Long