IETF Logo Mail Archive

Re: [ietf-smtp] Fwd: [dispatch] Forced SMTP redirects

E Sam <winshell64@gmail.com> Fri, 10 July 2020 11:57 UTC

Return-Path: <winshell64@gmail.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B71F63A0A9F for <ietf-smtp@ietfa.amsl.com>; Fri, 10 Jul 2020 04:57:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id isOD1H4TPOid for <ietf-smtp@ietfa.amsl.com>; Fri, 10 Jul 2020 04:57:22 -0700 (PDT)
Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2E123A0A8B for <ietf-smtp@ietf.org>; Fri, 10 Jul 2020 04:57:21 -0700 (PDT)
Received: by mail-wr1-x42c.google.com with SMTP id z13so5668141wrw.5 for <ietf-smtp@ietf.org>; Fri, 10 Jul 2020 04:57:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=2lVkyGn/SV+/z05zhJl1yPM0O1dzFG5UE8FUUx/qHms=; b=Eq4UDbw60DmrKUGszGf/kJK5GqdySZzaWaWIjrgeUGKCeoUGua1PnuJm72IV7n+pPa ewlMxrfScPzCkrFXSe/yMSafHYcsSKjjGjRMNxUYEctWn/y5P1aRfQfzMQX4RVt63QaF 8k+j1Zcn3OOYEowIpceE3FE1wP7euwHVLKuYGbbRCVgEOA6xO6s95nuv0BWCmEQbWgpV lu4dEy9s78Gtvg9j9gm7vZI9rAarVXNbY0VLtO4TyR3l+Xv6gtkEa3uxn7/p4dP8rFDn /vIulXIoftNKfVx+qeaksheDBxx4oqpwe25gr9hROS0RkTxBDrgOsIhzkrfNjgmPVQvH 2u8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=2lVkyGn/SV+/z05zhJl1yPM0O1dzFG5UE8FUUx/qHms=; b=UDbnPeKtl7wanBzPVlk89ct2Fa1AS4wEaYbMc+IgNUvJkspeEt7J3C1tOZi8sgyA8v aYjvzWt5OspoAuQhwvEneI3QMh8EecYLZ0eDgkayL6pNiZmqB3uS62sDhXEivOpxQUGp ffZKGQP7CN4IMelAzhRsgk/Ilj4OaaHhggDJJRoWxXmXecqkyQ+VwTlLhRS1nFt8tMCm lqTcdjR0307XDt78V6gnhrl19fK+ks3QP/vrKyrPP8TMRxXt6JilqNOQwEhg3c0Zfrrf kdqlCBNj/QFUwHsgjqrB+7cEubx1y16zFQPZ5N8gWhBCwfWKqkHu6KMjqYMg9mGQyC3b /v7w==
X-Gm-Message-State: AOAM532Acqj0dSZojoQUy64xIFGDy7s5j25iBHtCebk72fmb23UL701N SrsuK+MHOpJfW8mzoTl1gBxLV7gepQX+Se1q0rQIuQ==
X-Google-Smtp-Source: ABdhPJzq89cjt1xmJB5UcBrtlpzphvGffhzgHBKpAkRoOut5HDD6Y13PuSeJDxqsDR2dpX/YBhKUUeYIhKwnRk8sNBE=
X-Received: by 2002:adf:f203:: with SMTP id p3mr39731348wro.331.1594382240020; Fri, 10 Jul 2020 04:57:20 -0700 (PDT)
MIME-Version: 1.0
References: <CAKFo7wkawgk-Yj676kE5MqK8XuebuArMexH-eOdq_Uo7ijdimQ@mail.gmail.com> <20200710015947.0BE2D1C78A2F@ary.qy> <CAKFo7w=MJBt0FdnCcOZCXZWdkd6Jinv4TqwdpefdoaCncbZH3Q@mail.gmail.com> <6AEA7D44C8037B32BC1F3810@PSB>
In-Reply-To: <6AEA7D44C8037B32BC1F3810@PSB>
From: E Sam <winshell64@gmail.com>
Date: Fri, 10 Jul 2020 07:57:09 -0400
Message-ID: <CAKFo7wmJi--ic_rct91d8wBUTq74qYfzMdOz7r+NqwX+f8ZwsQ@mail.gmail.com>
To: John C Klensin <john-ietf@jck.com>, ietf-smtp@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/5xxBfQhDLld9YmbNvxAHq7M0YdQ>
Subject: Re: [ietf-smtp] Fwd: [dispatch] Forced SMTP redirects
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2020 11:57:24 -0000

I see, well use of the code/codes wouldn't be required so multihop
relays could refuse to use it. The purpose behind it is mainly people
that want to be able to change their email addresses. As for which
would be the server of "truth", it would be the MX server (in the MX
record) of the original email address. A user would configure their
server to use these new response codes to change their email.

If MTA1 decides to forward instead of 551, then it wouldn;t be needed
to provide the email address behind the multi relay.

In a corporate environment, it would make sense not to use these
codes, but with personal emails, it would make more sense in my
opinion.

If there is an email address belonging to DeliveryMTA, then MTA1
shouldn't use the 551 code. But if there is a email address that is
"hard linked" to another SMTP server (lets say another chain of MTAs
with the MX record pointing at the first link), then usage of the
codes is recommended.

I'll respond to more of your email later as I want to take a deep look
in the issue again.

On Fri, Jul 10, 2020 at 12:01 AM John C Klensin <john-ietf@jck.com> wrote:
>
> Hi.
>
> Well, I largely agree with John Levine except for a bit of
> history that just proves his point.   Many years ago, at sort of
> the dawn of SMTP and at least in the environments I was working
> in, the use of 251 and 551 was fairly common, as was the use or
> VRFY to check out addresses.  Over the years, all three fell
> into disuse as John says.  Especially for the former two, that
> happened at least as much due to concerns about a variety of
> attacks as about information disclosure.  Section 7.5 for RFC
> 5321 at least hints at the problem: if, as an SMTP-sender, I get
> a 557 or 558 (or a 551), I'd better be really sure that the
> system returning that code is authoritative for the addresses in
> question.  That gets especially complicated when there is a
> multihop relay chain and, especially if the practice of opening
> the outgoing connection before the incoming one has completed,
> one cannot tell with any certainty where the report came from.
>
> Also remember that SMTP encourages, nay requires, that if an
> SMTP-sender gets back a reply code it does not recognize, it is
> required to ignore anything but the first digit.  That predicts
> a fairly hard road at this point for new codes that are intended
> to convey subtle information.
>
> Agreeing with John that the underlying problems are not ones
> that new codes will solve and hence that the likelihood of
> acceptance and wide enough deployment to make this useful are
> low, two suggestions:
>
> (1) Stick with 551 but add extended codes that reflect exactly
> what you want and the distinctions you are trying to make.
> There may still be little adoption, but I believe (after not
> much thought) that the chances of harm are lower.
>
> (2) Expand your Security Considerations section (or some other
> section) to consider a broader range of possible attacks and
> configurations.  For example, if encryption is only hop-by-hop,
> any server that has been compromised seriously enough to tell a
> client to rewrote a message probably has access to the plaintext
> in any sort of pipelining situation and likely some others.  An
> analysis of what happens if the server generates these codes and
> the client interprets them as simply 5yz (as suggested above)
> and whether that would cause harm would be in order.  Similarly,
> suppose
>
>    SubmissionServer -> MTA1 -> MTA2 -> DeliveryMTA
>
> Now, let's assume MTA2 is an enterprise server with a list of
> forwarding addresses delivering only virus-checked messages with
> valid addresses to DeliveryMTA  (a plausible situation in
> today's world).  So it generates a 557 code.  As I read your
> draft (perhaps too quickly) you expect MTA1 to forward/resend
> the message to the [new] correct address.  But, if it does, what
> is it going to tell the submission server (if anything)
> especially if it, having received the message and agreed to pass
> it on, has already returned a 250 code and gotten QUIT in
> return.   That takes us into NDN/DSN territory with all of the
> issues associated with those messages, in this case probably
> with a need to authenticate them end-to-end.
>
> best,
>    john
>
>
>
>
> --On Thursday, July 9, 2020 22:47 -0400 E Sam
> <winshell64@gmail.com> wrote:
>
> > Hello all,
> > See the below email chain - I thought it would be a good idea
> > to send this to the ietf-smtp mailing list as well.
> >
> > Thanks
> >
> > ---------- Forwarded message ---------
> > From: John Levine <johnl@taugh.com>
> > Date: Thu, Jul 9, 2020 at 9:59 PM
> > Subject: Re: [dispatch] Forced SMTP redirects
> > To: <dispatch@ietf.org>
> > Cc: <winshell64@gmail.com>
> >
> >
> > I'd suggest reposting this to the ietf-smtp list where people
> > who've been around a lot longer than I have can explain why
> > nobody implements 551 redirects (and as far as I can tell,
> > nobody ever did) and there is assigning a different response
> > code won't change that. It may seem like a good idea, but
> > turns out not to work in practice.
> >
> > FWIW I looked through the last seven months of my mail
> > server's logs and the total number of 551 responses is zero.
> >
> > R's,
> > John
> >
> > PS: There have been some attempts at setting up
> > change-of-address services where you can register old and new
> > addresses, so mail servers could query them after getting a
> > 550, and they never went anywhere either.
> >
> > See US Patents 6,654,789, 6,892,222, and 7,080,122.
> >
> > On the other hand, a lot of mail systems now let users keep
> > their addresses after they leave, ranging from ISPs like
> > Comcast and Spectrum to universities who turn student
> > addresses into alumni addresses. They let you forward the
> > mail, or you can add it to the list of accounts your MUA
> > checks, or either or both.
> >
> >
> >
> >
> > In article
> > <CAKFo7wkawgk-Yj676kE5MqK8XuebuArMexH-eOdq_Uo7ijdimQ@mail.gmai
> > l.com> you write:
> >> Hello everyone,
> >>
> >>
> >> I have published a new internet-draft that might be of
> >> interest.
> >>
> >>
> >> As always, its on the Datatracker:
> >>
> >> https://datatracker.ietf.org/doc/draft-sam-smtp-redirects/
> >
> > _______________________________________________
> > ietf-smtp mailing list
> > ietf-smtp@ietf.org
> > https://www.ietf.org/mailman/listinfo/ietf-smtp
>
>

v2.23.0 | Report a Bug | By Email