IETF Logo Mail Archive

Re: [ietf-smtp] IETF Policy on dogfood consumption or avoidance - SMTP version

Hector Santos <hsantos@isdg.net> Wed, 18 December 2019 04:23 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AE5C12086E for <ietf@ietfa.amsl.com>; Tue, 17 Dec 2019 20:23:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=KdUIvfVk; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=Vy7Nhc/V
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tRg4NBPVQib5 for <ietf@ietfa.amsl.com>; Tue, 17 Dec 2019 20:23:15 -0800 (PST)
Received: from mail.winserver.com (listserv.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D63CF120801 for <ietf@ietf.org>; Tue, 17 Dec 2019 20:23:14 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=2509; t=1576642984; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=sx65uTrMFrpyKFHARrjF7IyNE68=; b=KdUIvfVkAVtL8K7oz1tRG+ZZP661MtE4gBhwtaauCEP0KoJgvPW4FQ8b6uTYc+ HXAkpMNmRL3KV0JEOt+GLHuBtoKi+Hxf+y3Xd0P7C5crGt20ETyISExvx7GRUYzb 5W0fo8KPsrf0M02f0Yk2CIZT4g6uxQejD3YrNaoYHHGPs=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.9) for ietf@ietf.org; Tue, 17 Dec 2019 23:23:04 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 255366562.42331.1308; Tue, 17 Dec 2019 23:23:03 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=2509; t=1576642828; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=aF+U2Ol 9UrQ+iRhEXCsPuu/X8Gv8QZePp4dkS5188iM=; b=Vy7Nhc/VVT7IJ+9is2hj58k z7qhVDM74VvLdK2nr6ZWbR6h6ktuDKLIdoQgfTDnZTau55MdotXHbqGxAvMY11S6 xQxGatjXCCEnyePEDWf1Jy2Jbm6EhpgnsU/sTwE5NJae9jOm59ymowY61KWXyTgG 4Qx34Bmlv3bDZTWdetrQ=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.9) for ietf@ietf.org; Tue, 17 Dec 2019 23:20:28 -0500
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 818007515.1.5616; Tue, 17 Dec 2019 23:20:26 -0500
Message-ID: <5DF9A9A6.8040000@isdg.net>
Date: Tue, 17 Dec 2019 23:23:02 -0500
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: "Salz, Rich" <rsalz@akamai.com>, "ietf-smtp@ietf.org" <ietf-smtp@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [ietf-smtp] IETF Policy on dogfood consumption or avoidance - SMTP version
References: <8EE11B75E1F8A7E7105A1573@PSB> <m2a77ttff6.wl-randy@psg.com> <CABL0ig4Wz-0dk7bsRpaN6pni2rHEc-jPnygwed_Hygy+CiehQA@mail.gmail.com> <16306b3a-63bd-621e-636c-dd7626f74733@foobar.org> <DBADBA1F-5F81-4D14-8AF8-5F340F017DAC@ietf.org> <5DF92645.2090909@isdg.net> <E314E2AC-C69C-4828-AD5F-33C0EFD4E0FE@dukhovni.org> <5DF95EF7.4050200@isdg.net> <09AD6F9E-311A-4000-B830-43AA92C78C46@akamai.com>
In-Reply-To: <09AD6F9E-311A-4000-B830-43AA92C78C46@akamai.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Wrg6vPLDsYsic0fL9RYYq56LrPk>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Dec 2019 04:23:17 -0000

On 12/17/2019 7:40 PM, Salz, Rich wrote:
>>     We may have to explicitly embed this clause in the protocol:
>>           A "MUST NOT" protocol element MAY be overridden with "550" Policies.
>
> Bleh. We often say "we're not the protocol police."
>
> I think it's always clear that local policy can override.
>
> Is the IETF going to come and arrest it's own website?

No. It should keep it simple - follow the standard protocol.

The bottom line is this breaks code, 37+ years of consistent protocol 
SMTP state machine logic, its not a bad vs good thing, regardless of 
the frequency of usage, regardless of scale, even the hobbyist, the 
entire community, in my long pre-internet protocol design and 
engineering world, a MUST concept is burned in, SHOULDs and MAYs are 
optional features provided to sysops/customers, your switches.

Do it this way, and the network/system homogeneous or heterogeneous, 
it all works.   Due to inconsistent application of some unknown rule, 
it broke a SMTP "standard" protocol.   In lieu of a specific black 
listing/block "trained thing," my concern this gem will most 
definitely begin to be copied and soon enough it will trap more 
clients using ip literals.

Its wrong. its that simple.  I am the OP. I filed the action item.  I 
only discovered it because the long time whitelisted mail.ietf.org 
server changed it's whitelisted ip address.  So a unsolicited mail 
sender CBV (Call Back Verification) was triggered. It failed due to 
the mail.ietf.org server violated the RFC2821 protocol. It had no 
legit reason for the rejection.

For the record, a CBV is the most effective spoof/fake reverse path 
filter method that exist.  I have 16 uses of daily statistics to prove 
it, yield 50-80% rejection rates near near-zero (hate to say none) 
false/true positive/negatives.

http://www.winserver.com/public/spamstats.wct

I will follow the cogs with this. Just do the right thing. I am doing 
whats prudent and practice for my compliant SMTP package ALWAYS. In 
fact, we filter on violations of the ip-literal mismatches. I am not 
going to reject legitimate SMTP compliant machine HELO/EHLO 
ip-literals. If my sysops and admins want to do that, thats up to them 
but its not coming from me, I am not going to encourage it because 
there is absolute no legitimate reason to do so and I think the 
mail.ietf.org admins, whoever, are wrong about this. It is unfair to 
Klensin and the mail community who work hard to get these things right.

I'm done.

--
HLS

v2.23.0 | Report a Bug | By Email