Re: [ietf-smtp] broken signatures, was Curious

Hector Santos <hsantos@isdg.net> Wed, 22 July 2020 01:48 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 530EC3A0825 for <ietf-smtp@ietfa.amsl.com>; Tue, 21 Jul 2020 18:48:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=asX7p4Nn; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=SlCt++4b
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QFQqTi-0KygL for <ietf-smtp@ietfa.amsl.com>; Tue, 21 Jul 2020 18:48:23 -0700 (PDT)
Received: from mail.winserver.com (ntbbs.santronics.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 590303A0823 for <ietf-smtp@ietf.org>; Tue, 21 Jul 2020 18:48:23 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=2196; t=1595382496; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=J4xmKFUtZV3Wqz9PRkSU0S9X910=; b=asX7p4Nn2u5BOUxUX3I50lB2UFNMjAjVNQ6RnFNVZfUzQGYT1cTo0lLcPUm2du gYIpEBcvm2wFNwBOf5GEy9TwpJaEfQS3AkwD/3HLZ4HJDM5zK+ZtuxIUx5hip0ue OpCTruyEBRKQlHP2TiKPjafLIyZ0+s1klcz2e3oYRvqA0=
Received: by mail.winserver.com (Wildcat! SMTP Router v8.0.454.10) for ietf-smtp@ietf.org; Tue, 21 Jul 2020 21:48:16 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([76.245.57.74]) by mail.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 1814795759.1.7028; Tue, 21 Jul 2020 21:48:16 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=2196; t=1595382395; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=nooiOB+ o+6baoyTGAVx3EXANKjPjxsDnojIx05vrDfw=; b=SlCt++4bqmgAM9eKHqry7XG wO7jTN1BciPWeHMfmmWzmnVmrU548y+8U0lGy9ArMJyznI/eiyBtiFREI0MrQ55s 8CytRCYvvQ9zixTWQuGEbMYLUv74JHrOeYakb5ymY3DfrCSuZSCu93GrpiUGO0Sk X50IIgMJ4DrxwmxHb2eI=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.10) for ietf-smtp@ietf.org; Tue, 21 Jul 2020 21:46:35 -0400
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 1525570375.1.29768; Tue, 21 Jul 2020 21:46:34 -0400
Message-ID: <5F179ADF.3080308@isdg.net>
Date: Tue, 21 Jul 2020 21:48:15 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: ietf-smtp@ietf.org
References: <20200721201938.D4F7D1D5CAD3@ary.qy> <5F1753DF.5000106@isdg.net> <511f7536-cdc0-0bd3-e0bc-f5caa25fbd90@pscs.co.uk>
In-Reply-To: <511f7536-cdc0-0bd3-e0bc-f5caa25fbd90@pscs.co.uk>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/UCGkeklhuZlLqYreGBA9zQpIWCg>
Subject: Re: [ietf-smtp] broken signatures, was Curious
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2020 01:48:30 -0000

On 7/21/2020 5:41 PM, Paul Smith wrote:
> On 21/07/2020 21:45, Hector Santos wrote:
>>
> Hmm, my view is that the headers should be at least vaguely useful at
> the recipient end. That means that OK examples could be:
>
> - an old (non validating) DKIM record
> - X-Virus-Scanned: amavisd-new at amsl.com
> - X-BeenThere: ietf-smtp@ietf.org
> - X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5
>    tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
>    DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001,
>    SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
>
> But useless ones could be:
> - X-Data: E5-cx76azc4-nr189/4/434-00019lcm
> - X-GRID-REF:  ...
> - X-MA-Instance: ....
> - X-PP-Email-transmission-Id: 407b928e-cb6d-11ea-a29f-b875c0aa69dc
>
> (The above are real examples from some recent legitimate messages I've
> received)

My point is that at a minimum, if you were to write an MUA, once also 
called Mail Reader/Writer, the fields for the Reader layout viewport 
would be, in no specific order, Date:, From:, To:, Subject: and you 
really don't need anything else.

But at a local MUA level, there are other things as you pointed out. 
Your package may be utilizing extra concepts, Status, Multi-Mime, X-* 
related stuff, including DKIM.

A lot depends on the mail is storage. It can be prune is all I am 
saying and we have been doing it for a long time.   Its a fundamental 
feature in Wildcat! where the user has the option to "[_] Preserve 
Mime." If enabled, then the mail is stored as is, raw RFC5322 format. 
  If disabled, the minimum required fields are extracted and then some 
for supported features.  The rest are not stored.  The only time a 
user really need to Preserve Mime is when the mail is not rendered 
locally, but passed to an offline MUA. The offline MUA has to deal 
with the display.  With the Online MUA, which I suspect is a major 
direction, back to a centralized concept, the backend has all the 
power to do whatever it needs to do from a display standpoint. It 
doesn't all the extra meta headers.


-- 
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos