IETF Logo Mail Archive

Re: IETF Policy on dogfood consumption or avoidance - SMTP version

Hector Santos <hsantos@isdg.net> Sun, 22 December 2019 22:22 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD8851200B3 for <ietf@ietfa.amsl.com>; Sun, 22 Dec 2019 14:22:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.208
X-Spam-Level:
X-Spam-Status: No, score=-1.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=TYfUZrI3; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=usiPgg2o
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E15dnpUxpmxf for <ietf@ietfa.amsl.com>; Sun, 22 Dec 2019 14:22:32 -0800 (PST)
Received: from mail.winserver.com (unknown [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DE4612004A for <ietf@ietf.org>; Sun, 22 Dec 2019 14:22:31 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=4099; t=1577053348; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=wsXj6V3DiVns5joFEeexXM7UP3s=; b=TYfUZrI3XXtj9UGT0czD3QmzR16IRCpj69hb8kw4wwAACJ5/aaVOIo4HmGbxUH hJmNSWknz8eyYVRnTOUiRuYHKGvRFPsIgfKV6Z95qZqGKbinu90tJbVPbzlcT5WR Zm6qk6FiS/TvH29Je0ATVPbFta6mte/STBNP+ZJjcABho=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.9) for ietf@ietf.org; Sun, 22 Dec 2019 17:22:28 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 665726193.1.4388; Sun, 22 Dec 2019 17:22:27 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=4099; t=1577053183; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=M8drd// oTEQN84F3GPZ82uoeKR3U1KwTsY4w1VWR7J8=; b=usiPgg2o3WAO00APk1JlM+d zhyi459wT8OHeeACvKqaK5KbhnFZW+SwqczAqsZOLwkDwE+rCgsQiWkwMmei45gr 4KED9oEmqA3EXNC8eCvZ53d3PyQ/72Y5eZAtusSEP8xkuFqOTSR5nzqks4BJr1he ZxHorlTy/KrHHfKCpymA=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.9) for ietf@ietf.org; Sun, 22 Dec 2019 17:19:43 -0500
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 1228363125.1.7220; Sun, 22 Dec 2019 17:19:42 -0500
Message-ID: <5DFFEC9D.5060906@isdg.net>
Date: Sun, 22 Dec 2019 17:22:21 -0500
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: Valdis Klētnieks <valdis.kletnieks@vt.edu>
CC: ietf@ietf.org
Subject: Re: IETF Policy on dogfood consumption or avoidance - SMTP version
References: <8EE11B75E1F8A7E7105A1573@PSB> <m2a77ttff6.wl-randy@psg.com> <CABL0ig4Wz-0dk7bsRpaN6pni2rHEc-jPnygwed_Hygy+CiehQA@mail.gmail.com> <16306b3a-63bd-621e-636c-dd7626f74733@foobar.org> <4D7EEBF62E149D1F23BA6A32@PSB> <58595081-6F4F-45E2-9798-B691AC919D28@cisco.com> <15D46124EFC1486F3613EF01@PSB> <0D67643B-00ED-482A-BCE0-1CF5A513C61F@cisco.com> <1fdc9df2-b66b-26cc-0e83-e973d30b8ec0@tana.it> <E0C999A5-18A9-4164-814E-3B85034028D2@cisco.com> <5DFBB0FD.2010902@isdg.net> <26902.1576997156@turing-police>
In-Reply-To: <26902.1576997156@turing-police>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/uqKHRux3t_pYGR-aixBIlDwz4EA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Dec 2019 22:22:34 -0000

On 12/22/2019 1:45 AM, Valdis Klētnieks wrote:>
> As it turns out, it wasn't rejecting on that basis, it was rejecting on a "not
> having a FQDN is a very strong spam signal" policy basis and erroneously
> issuing the wrong message.

If the SDO receiver did a PTR lookup for the existence of a FQDN, I 
can see the beginnings of a justification related to the SMTP spec and 
a MTA issuing an ip-literal when a FQDN exist.

But the reality is the SDO receiver does not do a PTR check to see if 
a FQDN even exist.  I tested this case by using a machine without a 
PTR record.  It is doing a flat out rejection of "EHLO [ip-literal]" 
usage.

> Given that there were *two* rules involved, one of which *did* flag an actual
> protocol violation, I'm willing to accept it's just a cut-n-paste error that
> nobody actually noticed for a decade or so...

And what would be the message for the human?

550 Please use a FQDN since one exist.
550 IP literals are no longer acceptable at the site.

or since its not doing a PTR check:

500 Please use a non-ip-literal. Junk host names are valid. We won't 
check.

> And maybe it's time to let that "address literal" sail into the sunset.

In my view, one server behavior, SDO or not, should not represent the 
entire world-wide community of valid mail bots that exist.  We really 
don't have any clue or stats how big this problem really is because so 
far, its only one server, afaik.

Are you ready to blindly accepts SDO reasons, follow their lead and 
reject all EHLO [ip-literal] clients?  Why not try it and give feedback?

The onus should be on SDO site to prove to the community why the 
protocol should be changed and why MTA code should be changed.

> And if you're a full MTA on the public internet today, and *don't* have a FQDN,
> you're going to have a really bad day in 2019, *totally notwithstanding what
> the RFCs say about how it's totally legal*.

In the 16 yrs of using CBV, I haven't had seen a problem nor received 
a report from any customer except for two cases I found; this recent 
flat out rejection of ip-literals by the SDO site and another broken 
receiver who didn't like the HELO command and was enforcing EHLO.  It 
had no problem with using IP Literals as long as it with the EHLO command.

> What consenting MTA's do inside a walled garden is, of course, totally
> up to the administrators involved.  They can use X.400 for all the rest
> of the net cares. We passed the point of a significant divergence between
> "what works in a walled garden" and "what works in the wild" at least
> a decade ago. And at *some* point, that's a big pile of technical debt
> that's going to need to be paid back. At this point, the least bad option
> is probably producing an updated rfc5321/5322 that documents the
> protocol, and a BCP/guidance document of "but here's what you need
> to be doing to ensure you can survive in the wild".

I have a difference of a technical opinion for this particular item 
related to the adherence to a protocol feature of nearly 40 years. I 
don't see a justification for what is a uncommon behavior with 
standard SMTP servers.


If the SDO feels the SMTP community should eliminate it for the sake 
of the public SMTP service good, then propose it, show evidence, show 
legitimate justifications in the IETF-SMTP to convince implementators 
to change their code ($$$) and also update the SMTP specs.  Again, its 
not even doing an PTR check to see if an FQDN exist to use this as a 
reason.  So whatever proposal is offered has to make common IETF 
engineering sense.  This one does not.

If you believe we should tighten SMTP, enforce no ip-literals, always 
a FQDN, then why just raise the bar and go for the maximum payoff 
possible - the big bang, and officially begin to validate FQDN for 
100% correctness, no exception. After all, with the way it is is now 
done by the SDO, if others begin to follow their lead, disallowing 
ip-literal but allow invalid FQDNs, this would be encouraging more bad 
behavior and fact less spam detection.

--
HLS

v2.23.0 | Report a Bug | By Email