Great Circle Associates Firewalls
(March 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: a few points on the recent discussions
From: Christopher Davis <ckd @ kei . com>
Date: Tue, 8 Mar 1994 11:26:17 -0500
To: firewalls @ greatcircle . com 
I was out of town over the past few days, doing a hardware installation at
a remote site.  This is probably a good thing, as I would have been
tempted to send out a few rather vicious flames...

I batched up the (20 or so) messages that were kicked off by my original
message, and I'll try to respond to all the major points in this message,
hopefully in an anti-inflammatory manner.  (Think Halon.)  Since some of
the messages were sent to me personally, I will paraphrase in those cases.

First point: some people seem to have confused the SMTP envelope with the
RFC 822 From: header.  Mail with the null SMTP FROM does not necessarily
(and, in fact, does not normally) have a null From: header.

The message that brought the InterLock bug to my attention was such a
message: it carried an appropriate From: line indicating its origination
as MAILER-DAEMON @
 kei .
 com .
   I hardly consider this an "anonymous" message.

Yes, that's right, I was debugging a mail problem that came to my
attention when one of their users requested a return-receipt on a message
sent to a user here.

Second point: the null SMTP FROM is *not* an "interactive debugging" aid.
It is a loop-breaking feature.  Since SMTP deliveries are *only* done on
envelope recipients, not header recipients, the headers will still show
the origin of the message (From:) and the path it took (Received:).

Third point (in response to Michael Nittmann):

 MN> So, now explain please [...] why you do not call up ANS or send them
 MN> mail, since you have a mailer's address?

Unlike sendmail V8, InterLock's SMTP gateway does not have any simple way
to get an address to send implementation bugs to.

ANS is a large enough company that the network and domain contacts are
unlikely to be on the InterLock team.

I was already a member of the Firewalls list, and suspected (rightly) that
the InterLock team would have at least one person reading this list.  In
addition, InterLock users would probably be interested.

 MN> How about sending it to root at the host you 'sanitized' away?

You should have read my message; I *did*.  In the *first line*:

 ckd> I just finished sending the following mail to postmaster @
 xxx .
 xxx

Fourth point: SMTP is unverifiable.  That is merely its nature.  If you
need real verifiability, you have to run PEM or something over SMTP/822.
If you absolutely cannot have unverifiable mail enter your site, turn off
your SMTP gateway.
Indexed By Date Previous: Re: email workgroup for rfc 821/822/1123 modification
From: James M Galvin <galvin @ tis . com>
Next: screening router choice
From: lacoursj @ uprc . com (Jeffrey D. LaCoursiere)
Indexed By Thread Previous: Re: email workgroup for rfc 821/822/1123 modification
From: KLENSIN @ INFOODS . UNU . EDU
Next: screening router choice
From: lacoursj @ uprc . com (Jeffrey D. LaCoursiere)
Google
 
Search Internet Search www.greatcircle.com