Re: [yam] Interop problem: SMTP submission, STARTTLS, AUTH EXTERNAL

"John R. Levine" <> Sat, 01 May 2010 01:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 01CB83A68C3 for <>; Fri, 30 Apr 2010 18:42:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.222
X-Spam-Status: No, score=-9.222 tagged_above=-999 required=5 tests=[AWL=1.977, BAYES_00=-2.599, HABEAS_ACCREDITED_SOI=-4.3, RCVD_IN_BSP_TRUSTED=-4.3]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id lnyjQl6qPEAs for <>; Fri, 30 Apr 2010 18:42:15 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 9957F3A680D for <>; Fri, 30 Apr 2010 18:42:15 -0700 (PDT)
Received: (qmail 21106 invoked from network); 1 May 2010 01:41:59 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple;; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=k1004; bh=SFOZC63jCpHP9YVoCrqxiENaxNrGCqcDHRPR583uSWc=; b=ZpMk4vS/Xg+nwQ/GmToUkl6NLJwIVG3c8LYM43BKWs8DmJ4rzQl3COzYxBOot36nuuQfNAJkbOQPJUygtOt+hUYFJGZ1MumgWea9PDRftfcyImbW0s1i139aJ42pQMu2RAU8mch6kRwLEln2oIOwb4D4OciWYp8Ozbo7Yq7TiEI=
Received: (ofmipd with (DHE-RSA-AES256-SHA encrypted) SMTP; 1 May 2010 01:41:37 -0000
Date: 30 Apr 2010 21:41:55 -0400
Message-ID: <alpine.BSF.2.00.1004302136250.2336@joyce.lan>
From: "John R. Levine" <>
To: "Chris Newman" <>
In-Reply-To: <4DE3D88239911A6791730051@96B2F16665FF96BAE59E9B90>
References: <4DE3D88239911A6791730051@96B2F16665FF96BAE59E9B90>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Cleverness: None detected
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Subject: Re: [yam] Interop problem: SMTP submission, STARTTLS, AUTH EXTERNAL
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Yet Another Mail working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 01 May 2010 01:42:17 -0000

> Comments?

This is hardly the only case where the client and server both know that 
it's OK to relay, even though there's nothing in the SMTP dialog to 
confirm it. Why should implicit auth via STARTTLS be any different than 
implicit AUTH by connecting from a friendly IP address or implicit auth by 

I suppose we could allow the second EHLO to say RELAY to tell the client 
that it's OK to relay, but it's hard to see how this would be useful since 
the existing practice is that the client just sends the message, and the 
server lets it know if there's a problem.

John Levine,, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be,, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.