[ On Wednesday, March 27, 2002 at 21:36:44 (-0500), Jeff Mcadams wrote: ]
> Subject: Re: [Exim] Exim 4.02 new "feature"
>
> Man...considering that there are virtually no reasonable expectations
> that a system can make about the structure of a Received header...I
> don't see that as a significant drawback.
Obviously you haven't tried to read the procmail scripts some people
write! (I wish I hadn't either! :-)
(anyone MTA implementor who can't make their program generate conforming
received headers should go back to programming school too!)
> *boggle* Say what?! Underscores or not...putting any stock in a
> reported hostname for auditing or security purposes is suicide at best.
Huh? No, I was talking about the audit trail of of an e-mail message
that was transmitted via SMTP over TCP/IP. If an independent agent is
to validate the path a message took then the log files on the servers it
passed through are not sufficient alone, especially not if plain old
SMTP was used over plain old TCP/IP. The received headers are what make
the log records believable (and any IDENT records logged in the headers
and the server logs are an extra confirmation) that everything in this
fragile network of information actually hangs together and can be
believed within reasonable limits.
You might not have had the pleasure of having to prove a message was
transmitted over a given path and be able to provide corroborating
evidence or at least pointers to it, but if ever you do then that's when
you'll very much appreciate how this web of information fits together
and just how important it is for all the hostnames to have been checked
and validated and properly recorded along the way
> Or just use the IP address of the connecting machine (which has to be
> valid or no TCP connction can be established in the first place) and be
> done.
IP#s change over time. If we were to all use just IP#s then we wouldn't
be discussing what a valid hostname looks like now would we? If you're
going to use a name then you have to make sure that name is correct and
valid at the time it is used. You get no second chances in a two-layer
naming system like we use with the DNS and IP addresses. The mapping of
a name to an address is only valid for the TTL given in the DNS record
you learned it from (and unfortunately sometimes not even that long!).
You cannot still have your cake if you've aready eaten it. If you're
going to use the name then you'd bloody well better get it right and
you'd better use a name that fits even the narrowest definitions of what
names are valid because if you don't then you will eventually be called
to the carpet (i.e. your e-mail will eventually get rejected by someone
being strict about what they accept and believe from the Big Bad Internet).
Any implementer of networking applications will eventually (hopefully
sooner rather than later) learn that they must always always always
validate and check every single bit of information they receive,
especially if they pass that information along in any form whatsoever.
It doesn't matter if the application is an anonymous FTP server, or an
SMTP server, or an SSH server. Never believe anything you've received
from the network until you've checked and double checked it, and always
take extreme care when handling un-verified data. Even the wimpy
rationale for the self contradiction in RFC 1123 #5.2.5 says at least
this much!
--
Greg A. Woods
+1 416 218-0098; <gwoods@???>; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
