Re: [ietf-smtp] MTA-STS reports via HTTPS

John Levine <johnl@taugh.com> Sat, 18 April 2020 21:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/vx5pgrqQo2Plaswha24rAKGYj7I>

In article <779A9BEB-3209-4922-80AD-51127B5F4D93@dukhovni.org> you write:
>The reporting address might be cached as part of the policy, perhaps if
>you toggle the "id" field of your _mta-sts.$DOMAIN TXT record, the relevant
>senders will refresh your policy and along with it your TLSRPT record.

It clearly wasn't cached, since the reports all stopped other than the few
from socketlabs that send them via HTTPS.

Now I set it back to both, the mail from Google has resumed but the reports from Comcast
I used to get have not.  I do get mail from Comcast, kind of odd that they're not sending reports.

R's,
John


>
>[ I would have expected TLSRPT to not be cached, and looked up live, but
>  implementors get up to all sorts of unexpected designs. ]
>
>> On Apr 17, 2020, at 8:45 AM, John R. Levine <johnl@iecc.com> wrote:
>> 
>>> JL> My _smtp._tls TXT records have had both mailto: and https: in them, so
>>> JL> I just took out the mailto:.  Will report back.
>> 
>> All of my mail reports stopped, the trickle from Socketlabs continued.
>> 
>> So I added the mailto: back.  Strange.
>
>-- 
>	Viktor.
>
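
The exchange above turns on which rua= schemes a domain's _smtp._tls TXT record offers. As an added example (not part of the original message or of any sender's software), this sketch audits a TXT record set the way RFC 8460 describes and flags an https-only record; the example.com names are placeholders, and the mailto warning reflects the behaviour reported in this thread, not a protocol rule.

```python
from urllib.parse import urlsplit

VERSION = "v=TLSRPTv1"          # version tag defined by RFC 8460
KNOWN_SCHEMES = ("mailto", "https")

def select_record(txt_records):
    """Return the single TLSRPT record, or None if there is not exactly one."""
    found = [t.strip() for t in txt_records
             if t.split(";")[0].strip() == VERSION]
    return found[0] if len(found) == 1 else None

def parse_rua(record):
    """Return the list of rua URIs from one TLSRPT record string."""
    fields = [f.strip() for f in record.split(";") if f.strip()]
    if not fields or fields[0] != VERSION:
        raise ValueError("version field must come first")
    for field in fields[1:]:
        key, sep, value = field.partition("=")
        if sep and key.strip() == "rua":
            return [u.strip() for u in value.split(",") if u.strip()]
    return []

def audit(txt_records):
    """Summarise which report channels a domain's TLSRPT TXT set offers."""
    record = select_record(txt_records)
    if record is None:
        # Zero or several matching records: senders treat TLSRPT as absent.
        return {"valid": False, "schemes": [],
                "warnings": ["need exactly one v=TLSRPTv1 TXT record"]}
    uris = parse_rua(record)
    schemes = sorted({urlsplit(u).scheme.lower() for u in uris})
    warnings = []
    if not uris:
        warnings.append("no rua= URIs; nobody can send reports")
    for s in schemes:
        if s not in KNOWN_SCHEMES:
            warnings.append("unsupported rua scheme: " + repr(s))
    if uris and "mailto" not in schemes:
        # Behaviour reported in this thread, not a protocol rule.
        warnings.append("no mailto: rua; mail-only reporters will go silent")
    return {"valid": True, "schemes": schemes, "warnings": warnings}

if __name__ == "__main__":
    # Constructed sample records (example.com names are placeholders).
    both = ["v=TLSRPTv1; rua=mailto:tlsrpt@example.com,https://tlsrpt.example.com/v1"]
    https_only = ["v=TLSRPTv1; rua=https://tlsrpt.example.com/v1"]
    for name, rrset in (("both", both), ("https only", https_only)):
        print(name, audit(rrset))
```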