Re: [ietf-smtp] Endless debate on IP literals

Keith Moore <moore@network-heretics.com> Fri, 03 January 2020 06:09 UTC

From: Keith Moore <moore@network-heretics.com>
In-Reply-To: <01RFPMURANBO000059@mauve.mrochek.com>
Date: Fri, 03 Jan 2020 01:09:44 -0500
Cc: John Levine <johnl@taugh.com>, ietf-smtp@ietf.org
Message-Id: <4D6707F7-3BE9-4853-BF2D-91CBF958BFB0@network-heretics.com>
References: <01RFPMURANBO000059@mauve.mrochek.com>
To: Ned Freed <ned.freed@mrochek.com>
X-Mailer: iPhone Mail (17A860)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/jrauNSJoJPGbVp_DoBAXRf2k7UI>
Subject: Re: [ietf-smtp] Endless debate on IP literals

> On Jan 3, 2020, at 12:43 AM, Ned Freed <ned.freed@mrochek.com> wrote:
> 
>> If you can be sure that your
>> network doesn't do that, at least for its internal traffic, port 25
>> submission works fine.
> 
> And others have stringent security policies against mail being sent to any port
> other than 25.

Well, we could recommend against such policies, and also recommend that devices use a different default port for submission. But it’s probably the case that some sites will still find it easier to override the default and use port 25 than to get silly security policies changed.

And I expect what that means is that a mail relayer can’t tell by the port used whether to act as an MSA or an MTA. So sites might need to provision and configure separate services on different IP addresses. That’s easier than it used to be with virtual machines being common now, but could still run afoul of IT in many organizations. Anyway I guess we just make the best recommendations we can with the knowledge that there will be deviations that equipment and software must be configurable to deal with. Perhaps things will converge over time.

> Getting hung up on which port does what isn't helpful. The goal should be
> to figure out the actual characteristics of the services that are needed.

Yeah, it doesn’t matter which port, but I do think it would help to further encourage a separation of function between submission and relaying.

Keith
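
Added example, not part of the original message: one way a site could separate the MSA and MTA roles by listening address while both stay on port 25, as the message suggests. It assumes Postfix (2.10 or later) as the mail server; the addresses are documentation placeholders and the syslog names are arbitrary.

```conf
# /etc/postfix/master.cf (fragment) -- constructed example
# service               type  private unpriv chroot wakeup maxproc command

# MTA role: accepts mail from other servers for local domains only.
# No authentication is offered, so a stolen credential is useless here.
192.0.2.25:25           inet  n       -      n      -      -       smtpd
  -o syslog_name=postfix/mta
  -o smtpd_sasl_auth_enable=no
  -o smtpd_relay_restrictions=reject_unauth_destination

# MSA role: same port, second address. Devices that are only allowed
# to talk to port 25 submit here; every session must use TLS and
# authenticate before any mail is accepted.
192.0.2.26:25           inet  n       -      n      -      -       smtpd
  -o syslog_name=postfix/msa
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
```

The distinct syslog names keep submission and relay traffic separable in the logs, which makes it easy to alert on authentication attempts that arrive at the MTA address.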