Re: [ietf-smtp] Endless debate on IP literals
Keith Moore <moore@network-heretics.com> Wed, 01 January 2020 19:08 UTC
Return-Path: <moore@network-heretics.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDA6E1200D8 for <ietf-smtp@ietfa.amsl.com>; Wed, 1 Jan 2020 11:08:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qbfFk2AJFkvF for <ietf-smtp@ietfa.amsl.com>; Wed, 1 Jan 2020 11:08:03 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F4941200D7 for <ietf-smtp@ietf.org>; Wed, 1 Jan 2020 11:08:03 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id B559321DC1; Wed, 1 Jan 2020 14:08:02 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Wed, 01 Jan 2020 14:08:02 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=PU6LsC oPAmVhbtembRV8HxoUzr8XDW7AqOz0DOawvUE=; b=sGL1QR0aBHYH66NWqwKsuo q8Zr2Eiwk0w3W5p43ICpl0mkMA6CAzQx0VUjlsNo+6UtkQQoUEAdwRpKskwgXVix d7RIKr7933jT5dq0UxaCHDGyVcUNrBaEdf5UgkQ0Epv7UmBCn5bA84QLFrK7e9gI QracSImP5CGLc4QyJkennpy0mBCxb6ppqEZmtsF6+7mqKw0cyks0UVH1+mDB2nnc 7uNkdBD30s5mlWbXU/32GFv8LhHTXblWtO6BYudryzj9/V+Di3Nkoh9u45yj1jQF +nRFqV+YdmhmDljeijjhKTwwuDeS3nM7a5h8dwZUW1P26EdkJJxCpfkOAjxIF+xA ==
X-ME-Sender: <xms:Eu4MXhHxpY7a0g1JP_VCFkFZdE99v8LIU5k95VZqtULXGRJlAoWSZg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrvdefledguddvtdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefuvfhfhffkffgfgggjtgesrgdtreertdefjeenucfhrhhomhepmfgvihht hhcuofhoohhrvgcuoehmohhorhgvsehnvghtfihorhhkqdhhvghrvghtihgtshdrtghomh eqnecukfhppedutdekrddvvddurddukedtrdduheenucfrrghrrghmpehmrghilhhfrhho mhepmhhoohhrvgesnhgvthifohhrkhdqhhgvrhgvthhitghsrdgtohhmnecuvehluhhsth gvrhfuihiivgeptd
X-ME-Proxy: <xmx:Eu4MXpkRlPkbbDTkvMRfLSgxUJFPEJvYsMqK8Xh3e8euUsfd07BsBg> <xmx:Eu4MXnNgdjyaMxNSE5UH4DNRCqoUkdW4GJQyBv-MDE9cQPDKagJi_Q> <xmx:Eu4MXhGenYX_3UtdfuJiXOnuHUNR-xW3vdlGpBpEowqVFjJO10JvtQ> <xmx:Eu4MXpxMathxdGSaha12lgnc6yykc3GSe_Miju1ie2wNdujdYUWNNg>
Received: from [192.168.1.97] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id 997A480061; Wed, 1 Jan 2020 14:08:01 -0500 (EST)
To: John Levine <johnl@taugh.com>, ietf-smtp@ietf.org
References: <20200101183846.38F7811E2E72@ary.qy>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <64f30fa9-ab2a-fe48-f324-426ed48b7091@network-heretics.com>
Date: Wed, 01 Jan 2020 14:08:00 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <20200101183846.38F7811E2E72@ary.qy>
Content-Type: multipart/alternative; boundary="------------5E3A3B7EC50589D7691817C4"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/KWFICmfIXZLcEELNkexnz_TbhY4>
Subject: Re: [ietf-smtp] Endless debate on IP literals
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jan 2020 19:08:07 -0000
On 1/1/20 1:38 PM, John Levine wrote: > In article<482744ba-3a37-1fd8-48dd-0d8f58524abe@network-heretics.com> you write: >> I've been wondering if there's a need to talk about (for lack of a >> better term) "pre-submission relaying" which happens when a message is >> (for whatever reason) not initially submitted to a real submission >> server that does whatever sanity checking and fixup are needed to make >> the message suitable for relaying into the global email system. > I don't see any need to tie ourselves into knots about this. If you > want multiple submission hops before the real submission server, you > don't need to do anything special beyond ensuring that at each hop, > the server end has some way to limit who's relaying through it. It > might be by IP range, or client authentication, or any of a variety of > other hacks invented over the years. (POP-before-Submit, known in the > old days as POP-before-SMTP, comes to mind.) > > My DMA submission servers do submision relay. It works fine. I agree that this isn't rocket science for anyone who really understands email, knows how to configure MTAs, and controls the entire signal path up to the submission server. I also believe that most existing MTAs are perfectly capable of being configured to properly play any of these roles. In my mind the question is: how to explain to ordinary operators, administrators, IoT device vendors, etc. how to make this work well? If someone is developing an IoT device that needs to send mail, what is that device required to do, what configuration options should it offer, etc.? If an IT person in some enterprise is arranging for that enterprise's IoT devices to be able to send mail, what service do they need to provide, on what port, etc? Does a submission service that's in the signal path for outgoing mail for such devices need any special configuration or considerations to be able to handle such mail? (For example, does it need to be able to rewrite sender addresses containing IP address literals to make them globally meaningful while still being distinct from one another for different sender hosts?) If the operator of the IoT devices can say to the enterprise IT person - I need an instance of service X, as defined by RFCYYYY, that might make things easier and reduce the amount of gratuitous meddling that people do with email. Similarly if the developer of the IoT device knows exactly what the messages should look like and what service to interface to, that might make configuration of such devices either and reduce the chance that special measures will be needed for that device's email. But I also have seen occasions on which even experts trying to do the right things, disagreed about how to do those things, in ways that caused problems when their systems interacted. So I'm not sure that the standards are only for "ordinary" operators, etc. Keith p.s. I somehow doubt that we should recommend authentication based only on IP address at any level, though. That's poor practice even for a small network that assigns static IP addresses to all of its hosts. More broadly there's a widespread misconception that isolated networks are not subject to security threats or that perimeter defenses are sufficient to protect them, even when such networks are used to manage critical infrastructure or equipment that can create hazards if not properly managed.
- [ietf-smtp] Possible cont4ibution to moving forwa… John C Klensin
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… John C Klensin
- Re: [ietf-smtp] Possible cont4ibution to moving f… John C Klensin
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible cont4ibution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… John C Klensin
- Re: [ietf-smtp] Possible cont4ibution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible cont4ibution to moving f… Jeremy Harris
- Re: [ietf-smtp] Possible cont4ibution to moving f… Alessandro Vesely
- Re: [ietf-smtp] Possible contiibution to moving f… John C Klensin
- Re: [ietf-smtp] Possible contiibution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible contiibution to moving f… John C Klensin
- Re: [ietf-smtp] Possible contribution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible contribution to moving f… John C Klensin
- Re: [ietf-smtp] Possible contribution to moving f… S Moonesamy
- Re: [ietf-smtp] Possible cont4ibution to moving f… Barry Leiba
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… John Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… John Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… John R Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Laura Atkins
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Laura Atkins
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Laura Atkins
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Hector Santos
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- [ietf-smtp] It's not about IP-Literals, its about… Hector Santos
- Re: [ietf-smtp] Endless debate on IP literals John C Klensin
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Jeremy Harris
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… John Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] SMTP client certs John Levine
- Re: [ietf-smtp] Endless debate on IP literals John Levine
- Re: [ietf-smtp] Possible contribution to moving f… Richard Clayton
- Re: [ietf-smtp] Possible contribution to moving f… John Levine
- Re: [ietf-smtp] Possible contribution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Endless debate on IP literals Viktor Dukhovni
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John Levine
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John Levine
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals Viktor Dukhovni
- Re: [ietf-smtp] Endless debate on IP literals Alessandro Vesely
- Re: [ietf-smtp] Possible contribution to moving f… Hector Santos
- Re: [ietf-smtp] Possible contribution to moving f… Hector Santos
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Hector Santos
- Re: [ietf-smtp] Endless debate on IP literals Hector Santos
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Hector Santos
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Possible contribution to moving f… John C Klensin
- Re: [ietf-smtp] Possible contribution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Arnt Gulbrandsen
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… John C Klensin
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… John Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… John Levine
- Re: [ietf-smtp] Possible contribution to moving f… Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Ned Freed
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Ned Freed
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- [ietf-smtp] lounging around Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] lounging around John Levine
- Re: [ietf-smtp] Endless debate on submission auth… John Levine
- Re: [ietf-smtp] lounging around John Levine
- Re: [ietf-smtp] lounging around Keith Moore
- Re: [ietf-smtp] lounging around Dave Crocker