IETF Logo Mail Archive

Re: IETF Policy on dogfood consumption or avoidance - SMTP version

Hector Santos <hsantos@isdg.net> Tue, 17 December 2019 19:02 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44B861208A4 for <ietf@ietfa.amsl.com>; Tue, 17 Dec 2019 11:02:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=cnhRT+4w; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=zlD/jpgq
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l3MxFMJOiUqa for <ietf@ietfa.amsl.com>; Tue, 17 Dec 2019 11:02:41 -0800 (PST)
Received: from mail.winserver.com (secure.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 068B2120C9B for <ietf@ietf.org>; Tue, 17 Dec 2019 11:02:40 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=2184; t=1576609353; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=AjMOu/bd1UYK3RNrHiLzFM0G1UM=; b=cnhRT+4wI28Ew8ZI6bgjlXDcJMyrsmuVVFepncjBa662nUVctDi/RaRAUPUZvo j1p9zEf/5vtVKBAASIam9gAm7mYnX/50upChcXL8doU6ZeHUXAgyLG7jr0Tm2Xuj 0MmmtnXZN5iX/xLRRWKMY3TKhxjjH+c3MJiPZZzQ8hTS4=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.9) for ietf@ietf.org; Tue, 17 Dec 2019 14:02:33 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 221735351.42331.3940; Tue, 17 Dec 2019 14:02:31 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=2184; t=1576609195; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=DuwW3qY biWvOUXMt9H6jzM15ncImhU+F8URl1N8+1es=; b=zlD/jpgqB1Fu32Mu8HFKmnJ yGpadDLYuOM82hVSjd56TMpaFcy3aYIo7O/h6s01XyGbHH8NVSYEj5EL5AaeEMJj wpgvXYQWKD3YgvoMy5aWmRISSPcs7Smnv1akPaDf4+HDkKdGVARrDVMCvO+F7/7U Jx6UdxvOCQoVCx/Skw1c=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.9) for ietf@ietf.org; Tue, 17 Dec 2019 13:59:55 -0500
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 784375703.1.4508; Tue, 17 Dec 2019 13:59:54 -0500
Message-ID: <5DF92645.2090909@isdg.net>
Date: Tue, 17 Dec 2019 14:02:29 -0500
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: Jay Daley <jay@ietf.org>, ietf@ietf.org, IESG <iesg@ietf.org>
CC: Glen <glen@amsl.com>
Subject: Re: IETF Policy on dogfood consumption or avoidance - SMTP version
References: <8EE11B75E1F8A7E7105A1573@PSB> <m2a77ttff6.wl-randy@psg.com> <CABL0ig4Wz-0dk7bsRpaN6pni2rHEc-jPnygwed_Hygy+CiehQA@mail.gmail.com> <16306b3a-63bd-621e-636c-dd7626f74733@foobar.org> <DBADBA1F-5F81-4D14-8AF8-5F340F017DAC@ietf.org>
In-Reply-To: <DBADBA1F-5F81-4D14-8AF8-5F340F017DAC@ietf.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/LUvyN5bpuYo_GU3TFXdh5coPw6A>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Dec 2019 19:02:44 -0000

On 12/16/2019 4:46 PM, Jay Daley wrote:
> Hi
>
> While there is not unanimous consensus, I think the mood is clearly to
> leave this as an operational decision.

Hi,

The operation decision appears to be inconsistent in its erroneous and 
RFC2821 violating application of an aggressive mail filter.

Let me state, that am implementer and commercial mail package, 
operators always have the last say and I am always for local policy 
considerations.

But here is I see it:

1) Yes, everyone agree the response text needs to be fixed up, but

2) It is in fact a violation of RFC2821/5321 specification when a 
rejection is applied by a server to a perfectly valid ip-literal per 
specification, and

3) It lacks consistency in its operational decision on what Client 
Mail/Host Names are rejected or accepted.

If a rejection is going to apply to ip-literals, hence enforcing a 
FQDN, then at the very least, it should validate the FQDN.

The mail.ietg.org servers appears to accept any FQDN including a 
existing FQDN which does not match the connecting IP address and a 
non-existing FQDNs:

The mail.ietf.org returns

EHLO [ip-literal]        <- not acceptable
EHLO santronics.com      <- acceptable, but non-matching IP::DOMAIN
EHLO foo.santronics.com  <- acceptable, but not existing domain

Yet, it does not validate the FQDN. Why?

Because we have a history of this FQDN check to be unreliable, hence 
why a MUST NOT reject on the basis of a HELO/EHLO check.

Finally, imeo, to prudent implementators who follow the IETF cogs to 
engineer consistent and logical protocols, it is expected the IETF 
mail servers themselves to also follow the same rules asked of them. 
If the operational decision remain to reject ip-literals but accept 
invalid FQDNs, then the specifications will need to change.  If the 
FQDN are now validity and rejection occurs for mismatches, then the 
specification needs to change.  So to me, its beyond being an 
operational decision.

The next implementer will read what is written it says MUST NOT, not 
SHOULD NOT, or MAY NOT.  We pay close attention to the protocol design 
elements.  The IETF should also.

Thanks

-- 
HLS

v2.23.0 | Report a Bug | By Email