[Exim] Domain literals: weighing up the arguments

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Tim Jackson
Date:  
À: Exim users list
Sujet: [Exim] Domain literals: weighing up the arguments
All (particularly Philip),

There has been some discussion of domain (IP) literals recently, with
varying opinions from "we absolutely don't want or need them" to "you are
breaking RFCs and doing a disservice to everyone else if you don't support
them". A post this morning from someone needing them enabled so that a
remote site can contact them about a specific server highlights the issue.

Coupled with a couple of incidents recently where I've had a problem with
an MTA on a particular IP, it's made me re-examine my Exim config and
think about literal addressing a bit more.

In the default config, there are some very stern-sounding warnings about
them: "This [enabling domain literals] is not recommended" coupled with
scary comments like "This ancient format has been used by those seeking to
abuse hosts by using them for unwanted relaying" and (again) "it...has
been exploited by evil people seeking to abuse SMTP relays".

Consequently, based on the fact that a) I respect Philip and his
judgements, b) I don't want to inadvertently end up being an open relay,
and c) I certainly don't want even by chance people to start
e-mailing end users via domain literals (I would consider it completely
unsupported), I (presumably like many others) have, until recently, left
the default options as-is.

However, the recent discussions made me realise: if you want to contact
the administrator of a specific server, where there is no [meaningful]
rDNS (or it cannot be determined, for whatever reason) and no way of
telling its "primary domain", it seems you have two choices (please
correct me if I am missing something):

a) "postmaster" (with no qualifying domain), or
b) "postmaster@[ip address]"

Whilst Exim supports receipt of the former by default, this appears to
suffer from one major drawback: it generally requires a sender to telnet
directly to the destination mailserver; typing a recipient of "postmaster"
in an MUA is clearly not going to be very productive, at least without
changing the outgoing SMTP server. Which leaves postmaster@[ip], an
unambiguous globally-routeable address mandated by RFCs.


Therefore, I have a few comments/suggestions:

1. As far as I can tell, despite the stern security warnings, I can see no
security risk inherent in Exim itself if IP literals are enabled.
Therefore, the comments seem to me to be slightly misleading and may put
off people enabling an option which, irrelevant of whether it is agreed
it's necessary or not, is fundamentally just as safe as adding any other
local domain. Am I missing something?

2. If I am correct, given that the IP literal format (even if uncommon and
rarely used) is useful at least for the purposes of contacting postmasters
and required by RFCs, would it not be better to enable it by default?
Perhaps it could be accompanied by a default RCPT ACL rule following the
"accept postmaster unconditionally" one, something like this:

  deny    message       = Domain literals supported only for postmaster
          <blah>


where "<blah>" is some condition that matches any recipient domain that is
a domain literal containing an IP address of a local interface (the
conditional equivalent of "@[]" in the domain list; I tried "domains =
@[]" but that didn't seem to work)


Any comments?


Tim