Re: [ietf-smtp] Endless debate on IP literals
Keith Moore <moore@network-heretics.com> Wed, 01 January 2020 01:37 UTC
Return-Path: <moore@network-heretics.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABDF2120077 for <ietf-smtp@ietfa.amsl.com>; Tue, 31 Dec 2019 17:37:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uVbfCMH_MKJd for <ietf-smtp@ietfa.amsl.com>; Tue, 31 Dec 2019 17:37:04 -0800 (PST)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16D14120072 for <ietf-smtp@ietf.org>; Tue, 31 Dec 2019 17:37:04 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 568E74AC; Tue, 31 Dec 2019 20:37:03 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Tue, 31 Dec 2019 20:37:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=TwK00j 0yr/LRrmDgwTfeP2QXdpA+yrV/tsAj6guly04=; b=NL+/iZYCvYVa+zKdFDUfid 9/HU5siCqvrl5hKg6WarYKyPWU3OI134ddPAhRa2N81FldmEON6XrJ89LgaF9UGV R3E7+bIa2oaf5LZa7VhiWs0PHv90oWhMN9ndisozzxRq7AzU1zhStbVWfxtJ8SBL 4PQ5z9pqExUAwBBfsxX///hbOfWGrt19lMxv68nb7pZY1ffAD8HqDfaAhtr4F39i oPTwiX1y41Y/FkrE8YH4BEX9ecaaWEqp6wiMuJwi1FCJNCI+vDPKkkIMS9aNtcXd cwWGQtUrFHwAwlU0hYaXG5/sUlsYfeIKToakI4uMssNBeKH7g9AczudaNDoC5JSA ==
X-ME-Sender: <xms:vfcLXo024Yfq29Ho1XAFmih43qDkkkGzgxKyuybAp1Rj89AiaQAx4w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrvdefkedgfeeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucgoufhushhpvggtthffohhmrghinhculdegledmne cujfgurhepuffvfhfhkffffgggjggtsegrtderredtfeejnecuhfhrohhmpefmvghithhh ucfoohhorhgvuceomhhoohhrvgesnhgvthifohhrkhdqhhgvrhgvthhitghsrdgtohhmqe enucffohhmrghinhepqhhqrdgtohhmnecukfhppedutdekrddvvddurddukedtrdduheen ucfrrghrrghmpehmrghilhhfrhhomhepmhhoohhrvgesnhgvthifohhrkhdqhhgvrhgvth hitghsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:vfcLXjM3BSUFAE0jMetxTQwYRA7yeOVjQwWF7VBk_xxIN2Stwk7wJw> <xmx:vfcLXlAfZhGHyarYLEUeGurgTR0WfNOBVvVomU3gpcj07RfAAZG9tQ> <xmx:vfcLXqR9krVjjPhbkAKstBLm7HoKUbtodm1gyP1F0OBQGa807SgUZQ> <xmx:vvcLXm93ewr0D9oWridH4MNoDAx5NUtfLlglc5FmPHPTZXL2u4q5eg>
Received: from [192.168.1.97] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id 3F6713060802; Tue, 31 Dec 2019 20:37:01 -0500 (EST)
To: ietf-smtp@ietf.org
References: <20191231185722.B47A411DDA7C@ary.qy>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <e9b6ab71-e25f-d67a-6f4d-e5b2bfee4c49@network-heretics.com>
Date: Tue, 31 Dec 2019 20:37:00 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <20191231185722.B47A411DDA7C@ary.qy>
Content-Type: multipart/alternative; boundary="------------EDD12835D84D72E0B41EA67D"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/_MGaqpyq1WBF_Oju4_-OgRFNufg>
Subject: Re: [ietf-smtp] Endless debate on IP literals
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jan 2020 01:37:07 -0000
On 12/31/19 1:57 PM, John Levine wrote: > In article <fc8d4d71-39a4-6ca0-608a-d2113b206c5f@network-heretics.com> you write: >> And while clients SHOULD use a DNS name in HELO/EHLO if they have one, >> not all SMTP clients can be expected to have a DNS name. So servers >> SHOULD NOT (maybe MUST NOT) reject mail based on the mere presence or >> absence of an IP address literal in HELO/EHLO. It would be insane for >> a standard to make a recommendation that degrades the reliability of the >> service it provides. > I am reasonably sure that if we compare the number of MTAs sending > legit mail with numeric HELO to the number of spambots doing so, mail > reliability would be greatly improved by completely forbidding them. I am starting to think that it's important to distinguish between (a) SMTP the protocol, and (b) The "globally-relevant Internet public email" service (GRIPE? [*]) that exchanges mail between otherwise-uncooperating [**] DNS-named domains, routing mail by default using DNS MX, A, and/or AAAA records as determined by lookup from the ICANN-specified roots, and exchanging mail using SMTP-over-TCP over the public IPv4 or IPv6 Internet. IMO the two have always been separate, even though the landscape has changed over time and continues to change. And there are many private-use networks (which might or might not be using private or local address space) which use SMTP to exchange mail not only within themselves but also with domains on the GRIPE service, and via the GRIPE service to other private-use networks. I believe the proper scope of 5321bis is the SMTP protocol, or at least, that while the protocol and rules for transmission of mail within GRIPES both need to be specified, they should be clearly separated. Offhand, I suspect it's better if they're addressed in separate documents, but that's just a guess at this point. I think it makes sense to define rules for GRIPE that do not apply to the use of SMTP in general. For example: * all header and envelope addresses MUST be expressed in terms of DNS names rather than IP literals; * all participating nodes MUST have DNS names, which MUST be used in EHLO ; * there MUST be PTR records linking clients' IP source addresses to the DNS names that they use in EHLO; * ESMTP MUST be supported by servers; * HELO MUST NOT be used by clients and MAY be rejected by servers; * all mail relayed via GRIPES MUST be subjected to certain sanity checks and cleanup before such relaying, * etc., etc. I'm not necessarily arguing for any of these rules; I am not sure that I agree with all of them. The point is that if you define a separate service, you can make up rules for that service and also give GRIPE servers advice about how to deal with mail that doesn't (yet) follow those rules, independently of SMTP. And I think it makes sense to raise the bar for GRIPE mail over time, and reduce the amount of acceptable variation in email traffic, without having to revisit the SMTP protocol specification, and without having to impose general requirements on all SMTP servers. [***] However, there will still be a need for private-use networks to be able to relay mail through GRIPE, including to recipients on other private-use networks. > With respect to all of the low performance IoT devices mailing out > status reports, that's submission, not SMTP. (It might be better to not speak of these as IoT devices, because IoT seems to come with vastly different assumptions for different people. But for now...) To me this is at least a separate question. I don't think it makes sense to insist that IoT devices submit mail directly to a submission server that follows the rules for GRIPE, because (for example) the IoT device might initially submit mail to a device which is also on an isolated network, without DNS access, etc. So it might be that the submission server that the IoT device uses, is not capable of meeting GRIPE requirements. It might make more sense to insist that the GRIPE rules apply whenever mail is routed to a mail exchanger, i.e. via DNS lookup of the recipient address domain. And a mail exchanger would be free to bounce or pessimize mail that doesn't meet the GRIPE service requirements, ideally after a predetermined grace period to give everyone time to implement them. (I have some other questions regarding IoT use of mail submission services, e.g. whether RFC8314 is suitable as-is for use on isolated IP networks, or whether IoT devices should be required to use port 587 when submitting mail so that the servers will know they have to treat such traffic differently than message relaying. So there might need to be a separate profile for mail submission on networks that don't have DNS or connectivity to the public IP network.) > You point them at a > submission server that knows what network(s) the clients are on, > cleans up the messages, perhaps does some sanity checking so a rogue > lightbulb can't mailbomb people at qq.com, and forwards on the > messages as an MTA. A Raspberry Pi is overkill for this. Well, maybe not. Some people see IoT networks as involving millions (or even billions) of independent hosts and claim that their networks and services are built for that kind of scale. Happy new year, folks! Keith [*] Not a serious proposal for a name; I just wanted a shorthand notation for it and that's what I came up with in a couple of minutes. Suggestions welcome. [**] If there's explicit cooperation between two or more mail domains, they can make up their own rules for exchanging mail. [***] Though I should probably point out that spammers will learn to conform to GRIPE rules also. But in the long term I think it makes sense for filters to rely more on content, on reliable indications as to whether a message was forged, on authenticated sender identity and perhaps sender reputation, and absence of protocol violations, than on heuristics that don't really relate to any of the above in any strong or enduring way. And GRIPE could also require signing, for instance.
- [ietf-smtp] Possible cont4ibution to moving forwa… John C Klensin
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… John C Klensin
- Re: [ietf-smtp] Possible cont4ibution to moving f… John C Klensin
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible cont4ibution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… John C Klensin
- Re: [ietf-smtp] Possible cont4ibution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible cont4ibution to moving f… Jeremy Harris
- Re: [ietf-smtp] Possible cont4ibution to moving f… Alessandro Vesely
- Re: [ietf-smtp] Possible contiibution to moving f… John C Klensin
- Re: [ietf-smtp] Possible contiibution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible contiibution to moving f… John C Klensin
- Re: [ietf-smtp] Possible contribution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible contribution to moving f… John C Klensin
- Re: [ietf-smtp] Possible contribution to moving f… S Moonesamy
- Re: [ietf-smtp] Possible cont4ibution to moving f… Barry Leiba
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… John Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… John Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… John R Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Laura Atkins
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Laura Atkins
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Laura Atkins
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Hector Santos
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- [ietf-smtp] It's not about IP-Literals, its about… Hector Santos
- Re: [ietf-smtp] Endless debate on IP literals John C Klensin
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Jeremy Harris
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… John Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] SMTP client certs John Levine
- Re: [ietf-smtp] Endless debate on IP literals John Levine
- Re: [ietf-smtp] Possible contribution to moving f… Richard Clayton
- Re: [ietf-smtp] Possible contribution to moving f… John Levine
- Re: [ietf-smtp] Possible contribution to moving f… Viktor Dukhovni
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Endless debate on IP literals Viktor Dukhovni
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John Levine
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John Levine
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals Viktor Dukhovni
- Re: [ietf-smtp] Endless debate on IP literals Alessandro Vesely
- Re: [ietf-smtp] Possible contribution to moving f… Hector Santos
- Re: [ietf-smtp] Possible contribution to moving f… Hector Santos
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Hector Santos
- Re: [ietf-smtp] Endless debate on IP literals Hector Santos
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Hector Santos
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Possible contribution to moving f… John C Klensin
- Re: [ietf-smtp] Possible contribution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Arnt Gulbrandsen
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Possible contribution to moving f… John C Klensin
- Re: [ietf-smtp] Possible contribution to moving f… Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… John Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… John Levine
- Re: [ietf-smtp] Possible contribution to moving f… Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Ned Freed
- Re: [ietf-smtp] Possible cont4ibution to moving f… Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Ned Freed
- Re: [ietf-smtp] Endless debate on IP literals Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- [ietf-smtp] lounging around Dave Crocker
- Re: [ietf-smtp] Endless debate on IP literals Keith Moore
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] Endless debate on IP literals John R Levine
- Re: [ietf-smtp] Possible cont4ibution to moving f… Keith Moore
- Re: [ietf-smtp] lounging around John Levine
- Re: [ietf-smtp] Endless debate on submission auth… John Levine
- Re: [ietf-smtp] lounging around John Levine
- Re: [ietf-smtp] lounging around Keith Moore
- Re: [ietf-smtp] lounging around Dave Crocker