IETF Logo Mail Archive

Re: SMTP RFC: "MUST NOT" change or delete Received header

Hector Santos <hsantos@isdg.net> Sat, 29 March 2014 16:48 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E33281A07B9 for <ietf@ietfa.amsl.com>; Sat, 29 Mar 2014 09:48:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.137
X-Spam-Level:
X-Spam-Status: No, score=-101.137 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xqcxCziM2OJM for <ietf@ietfa.amsl.com>; Sat, 29 Mar 2014 09:48:05 -0700 (PDT)
Received: from pop3.winserver.com (ftp.catinthebox.net [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id D02461A0651 for <ietf@ietf.org>; Sat, 29 Mar 2014 09:48:04 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=4201; t=1396111673; h=Received:Received: Received:Received:Message-ID:Date:From:Organization:To:Subject: List-ID; bh=6DobR3evTY2prdzlBpMGleoHTEo=; b=c+4csmXnC9slHx7A3TzN J/eGYaI8boTIv1dG8rjoLPx1fbtL9Ubb8DyjL8CCx02G+me/b/X4/uI4I5Otq8g+ i/i9A4Zr7vAOaheaFxh25kN2evcFBMhlgtDQOflSS7X4BqBAxh03MH+XCrXxWYsd DdKGFN0K3SHYO5U6ic1eLAE=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for ietf@ietf.org; Sat, 29 Mar 2014 11:47:53 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com (hector.wildcatblog.com [208.247.131.23]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 1099135052.8462.4072; Sat, 29 Mar 2014 11:47:52 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=4201; t=1396111636; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=eZto9+D 5Klv3jndOg7sP5Ip5EkAFPB6CTGOOPWYCuVE=; b=ZCDmwmQ+xGWbR1N+gLf5zoN kvAC1o02cq5tgKg+OnXCjo+46tEt9fFg+hLn8eLTmhd0XkwoKO23m43/eGutpSwb YZnTqwK1Jc5v2bzKqCr2ectMaOBhzmKtZsqHxa+U4ftbLmo9nNRQC8Hnt3dxqTgM xXbzeJVLG7WbqUgq2Dx4=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.4) for ietf@ietf.org; Sat, 29 Mar 2014 12:47:16 -0400
Received: from [192.168.1.2] ([99.121.4.27]) by beta.winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 545392335.9.17456; Sat, 29 Mar 2014 12:47:15 -0400
Message-ID: <5336F93D.6000009@isdg.net>
Date: Sat, 29 Mar 2014 12:47:57 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: "Kevin M. Gallagher" <kevin@ageispolis.net>, ietf@ietf.org
Subject: Re: SMTP RFC: "MUST NOT" change or delete Received header
References: <mailman.1570.1395964793.2468.ietf@ietf.org> <53366F34.8050501@ageispolis.net>
In-Reply-To: <53366F34.8050501@ageispolis.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/SuxlbABIVsDE9UN_nt2FlZ9QSN0
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Mar 2014 16:48:08 -0000

On 3/29/2014 2:59 AM, Kevin M. Gallagher wrote:

> What do people today think of the SMTP RFC's current requirement that
> mail programs and servers must not under any circumstances change or
> delete Received: headers?

I will provide a different perspective other than the typical trace, 
debugging and technical support reasons and why they are useful for 
those moments.

There was never a requirement to retain HEADERS at the final 
destination.  The historical main reason is because of gateway 
transformations.  There are other formats that predated x822/5322 
electronic mail storage formats.

The 5321 "requirements" is more about not TAMPERING with passthru mail 
(relays), and there is legal precedence for not tampering with 
transient communications laid out in the 1986 US ECPA.  Of course, the 
mail body content SHOULD NEVER be tampered.  Mail hosting systems such 
as ours were long molded from this ethical mail hosting design model.

> Is exposing sender IP addresses to any
> attacker who can view e-mail headers, for the purposes of preserving
> trace information, really worth it when weighed against considerations
> like security and privacy?

Again, if you are relaying mail, you really have no choice here.  You 
have to keep and pass it on.  If you don't, then you are not playing 
the game right, plain and simple.  You might not be helping the 
downlinks of the message (the true final destinations) if there a 
problem.

So you are really just talking about LOCAL FINAL DESTINATION mail.  I 
think that applies for (meta) data that is created temporarily as 
well, i.e. you might add a trace meta header for your own internal 
mail routing purpose but it is finally pulled before it goes out or 
the end user gets it.   There are a few headers like that, the 
Return-Path is one of them where it is added but then POSSIBLY pulled 
by an implementation.

Historically, they helped in support but yet at the same time, you had 
a small mistrust in them as well as you are suggesting here.  You 
extracted what made possible sense and thats it.  I personally think 
the IP concerns, while possible and real, are very isolated.  The 
support needs are also isolated but I think its one of those things 
where you desire/wish for the information when the relatively few and 
increasingly rare support times comes.

Overall, I always had an strong ethical engineering position on never 
destroying information especially at the passthru (relay) level. 
There is/was legal precedence for this.   At the local level, we also 
had a need to provide mail gateways for other formats and there are 
many headers that are not part of the transformations.  The Received, 
and the potential to have many of them, was not one of them.  When a 
gate was performed, the necessary Network Control Lines, headers that 
allowed for replying and continued network communications to take 
place, where added to "meta" storage. But the the remaining overall 
was pruned.  If there was a support need, you enabled the preservation 
of the full RFC headers and told the user "try it again."

That said, as the mail systems and END-USERS evolved to include more 
multi-media information, like HTML, MIME, etc, it became increasingly 
necessary to PRESERVE the original message format. This became more 
true as users moved away from online to offline RFC reader/writer 
communications, i.e. POP3, where online it (display rendering) was 
fully controlled by the backend server, but with POP3, the backend 
lost the control of what is possibly displayed.

But with the movement or recycling back to online is taking place, you 
don't really need all the headers and there are lots of wasted 
overhead for sure. Most Users don't even know what they are anyway or 
even care.  Its all for those rare support needs and thats become so 
infrequent, who knows, maybe the next big interested I-D would be how 
to clean up all the x822/5322 mess.  Have you see the junk in those 
stuff?  Junk that could expose security related info or just plain 
nonsense that doesn't apply to you anyway.  ALL those X- headers. 
Thats information you certainly don't need 80% (pareto) of the time.


-- 
HLS

v2.23.0 | Report a Bug | By Email