Re: [Mailsec] CLIENTID and ESMTP and LMTP Transmission Types Registration
Andrew C Aitchison <ietf@aitchison.me.uk> Wed, 29 March 2023 12:02 UTC
Return-Path: <ietf@aitchison.me.uk>
X-Original-To: mailsec@ietfa.amsl.com
Delivered-To: mailsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34F1BC14CF1F for <mailsec@ietfa.amsl.com>; Wed, 29 Mar 2023 05:02:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=aitchison.me.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vhSwKtVH15Ds for <mailsec@ietfa.amsl.com>; Wed, 29 Mar 2023 05:01:58 -0700 (PDT)
Received: from mx1.mythic-beasts.com (mx1.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7F90C13AE22 for <mailsec@ietf.org>; Wed, 29 Mar 2023 05:00:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=aitchison.me.uk; s=mythic-beasts-k1; h=Subject:To:From:Date; bh=EmuCQTHc7XUR6Tc9itLnP9p7rNA3eaCHncri32uU+mk=; b=uABN80SlGCThmfB6G7/U4QbXzy q1ByOSlcljZtHMJ2FwmI3Wr8rgrLDkyIVk+eVoTBzpdheRyHgAPaDxSz6xEnlx+3V4Os0ieT3K8GR zrtcpL+SsXwOihO4Zhnp5oj6VkWyEs5D8q4SnDWcKgsQ5QI4iXre2XslmIQE2DcN5n6Tc+BS76IFo thhLLXDH0KsLOoKuTYyHopgdOnODwmdtieBwQQcwffCldM7u0r+dhBLB4GQ0iJORhKUDweGcakXNe z3JvZdF92ALphLcmz/HCoiefkOA2mhxExJuAE4GY9RzEQDJ6iFHmDPDW0JLDNGBQi51knTo2dW5U2 LOILOvpw==;
Received: by mailhub-cam-d.mythic-beasts.com with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <ietf@aitchison.me.uk>) id 1phUTz-000RV3-1v for mailsec@ietf.org; Wed, 29 Mar 2023 13:00:51 +0100
Date: Wed, 29 Mar 2023 13:00:46 +0100
From: Andrew C Aitchison <ietf@aitchison.me.uk>
To: mailsec@ietf.org
Message-ID: <2ee3e373-b207-2a02-15be-037ea826f66d@aitchison.me.uk>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
X-BlackCat-Spam-Score: 9
Archived-At: <https://mailarchive.ietf.org/arch/msg/mailsec/YeV9g62c3zUyOE_qWkJBSzr_fpI>
Subject: Re: [Mailsec] CLIENTID and ESMTP and LMTP Transmission Types Registration
X-BeenThere: mailsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Email Security Issues <mailsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mailsec>, <mailto:mailsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mailsec/>
List-Post: <mailto:mailsec@ietf.org>
List-Help: <mailto:mailsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mailsec>, <mailto:mailsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2023 12:02:03 -0000
On Tue, 28 Mar 2023, Michael Peddemors wrote: > On 2023-03-27 10:10, Andrew C Aitchison wrote: > > > > [ I am attempting to implement CLIENTID for Exim the MTA. ] > > > > https://www.rfc-editor.org/rfc/rfc3848 > > added ESMTPA, ESMTPS, ESMTPSA, LMTP, LMTPA, LMTPS and LMTPSA > > to SMTP and ESMTP for use in the "with" clause of a Received > > header in an Internet message. > > > > Would we want CLIENTID to add to this list ? > > My thought is that this would risk leaking information > > which might allow a third party to infer facts about the > > heuristics or rules used, so my guess is "no". > > > > If we *did* decide to add to this list, would ESMTPSC and ESMTPSCA > > be sufficient, or do we want LMTPSC and LMTPSCA too ? > and since this is limited to authentication at this time, > I don't see even where ESMTPS would be used, > but someone else might have an argument for that use case. If EHLO - STARTTLS - CLIENTID - MAIL FROM: is valid, that would be ESMTPS rather than ESMTPSA. I suppose you could read that into Section 4, fifth restriction: An SMTP client MUST issue any CLIENTID commands prior to issuing an [AUTH] command. but I had not read that as saying that an AUTH is required between CLIENTID and MAIL FROM: (just that CLIENTID is not valid after AUTH). I see that your servers do reject that pattern, with 501 Rejecting MAIL FROM, Return Sender address not accepted by policy (#5.5.2) but I don't see anything in the draft rfc that requires that rejection. Thanks, -- Andrew C. Aitchison Kendal, UK andrew@aitchison.me.uk
- [Mailsec] CLIENTID and ESMTP and LMTP Transmissio… Andrew C Aitchison
- Re: [Mailsec] CLIENTID and ESMTP and LMTP Transmi… Michael Peddemors
- Re: [Mailsec] CLIENTID and ESMTP and LMTP Transmi… Andrew C Aitchison
- Re: [Mailsec] CLIENTID and ESMTP and LMTP Transmi… Andrew C Aitchison
- Re: [Mailsec] CLIENTID and ESMTP and LMTP Transmi… Michael Peddemors