Re: [Exim] DNS RMX RR?

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Matthew Byng-Maddick
CC: exim-users
Subject: Re: [Exim] DNS RMX RR?
On Thu, 29 May 2003, Matthew Byng-Maddick wrote:

> On Thu, May 29, 2003 at 01:30:28PM +0000, Sven Geggus wrote:
> > I came around this RFC:
> > http://www.ietf.org/internet-drafts/draft-danisch-dns-rr-smtp-01.txt
>
> I-D != RFC


Precisely.

If something like this ever starts happening, then I would consider it.
But it seems very much an early suggestion at the moment. And it does
not fill me with enthusiasm, it has to be said.

Something like this has been suggested before, and it suffers from the
"forwarding problem":

The suggested method is to let the DNS server for the sender domain
provide informations about which IP addresses are authorized to use
the domain within a sender's address.

The original "emitting" host may be "authenticated", but emails often go
through all kinds of forwarding and redirecting processes which involve
other MTAs. The draft puts up a weak suggestion for handling this, but
it says

The disadvantage is that the original sender address is lost.

That means that bounces will not get back to the original sender, which
is IMO unacceptable.

People may think this is a small point, but it is not in certain places.
From my own small patch I know that academics often spent time in other
institutions, and typically forward their mail while they are away. They
don't expect to have to connect to their home systems just to check for
bounces. We also find that students forward their mail to their home
mailboxes during vacations.

The solution to this problem, if one is ever to come, will probably also
have to include a solution to the problem of authenticating bounces
without making mail loops more likely. I suspect, though I have not
thought about it much, that an extension to SMTP is going to be needed.
For example, quite off the top of my head, replace the MAIL command with

MESSAGE FROM=original_sender REDIRECTED_BY=forwarding_sender

for normal messages. The original sender is where you send bounces; the
forwarding sender is what you use for "RMX-style" authenticating. If a
message is redirected several times, the REDIRECTED_BY changes on each
hop (you could preserve the old ones in header lines if you wanted to).

NOTIFICATION SENT_BY=forwarding_sender

for bounce messages and other messages that must never cause automatic
replies. You don't ever generate bounces for them, but you can
authenticate the sending host if you want.

This idea may be freely used. :-)

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book