Date: Mon, 11 Aug 1997 09:47:29 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: fenner@parc.xerox.com (Bill Fenner)
Cc: terry@lambert.org, current@freebsd.org
Subject: Re: cvs commit: src/etc aliases
Message-ID: <199708111647.JAA15410@phaeton.artisoft.com>
In-Reply-To: <97Aug10.161203pdt.177512@crevenia.parc.xerox.com> from "Bill Fenner" at Aug 10, 97 04:11:56 pm

> >I *don't* think they should be taken out.  They are mandated by RFC.
>
> I don't think they should be taken out either, but they are not mandated.

They are mandated by RFC2142.  The distinction I think you are missing
is that RFC2142 is *not* mandated.

However, there is "case law" in FreeBSD in this regard... specifically,
FreeBSD enables RFC1323 and RFC1644 in its default configuration.

> 1. RFC2142 is Elective, not even Recommended and certainly not Required
>    (see RFC2200).  Elective means basically "if you are going to do
>    something like this, you must do exactly this."

Yes.  It is also a standards track protocol (see "Status of This Memo").

> 2. RFC2142 itself doesn't claim to apply to all hosts:

[ ... ]

I think this is the salient point upon which I'm basing my recommendation:

>    However, if a given service is offerred,
>    then the associated mailbox name(es) must be supported, resulting in
>    delivery to a recipient appropriate for the referenced service or
>    role.

[ ... ]

> I could go either way on the commented / uncommentedness of the aliases
> in the default file, but I think it should go all one way or all the
> other.

I agree as well; but by default, the services offered by a FreeBSD
host /must/ have the RFC mandated aliases if FreeBSD chooses to
comply with RFC2142 as it has chosen to comply with RFC's 1323 and
1644.  The default configuration of FreeBSD does not offer all of
these services, so the RFC does not require all of the aliases.

I think FreeBSD should do "the RFC1323/1644 thing" and enable all
aliases.

> I disagree with the "it gives more ways for spammers to send to known
> userids" argument if they're all aliased to "root" -- "root" is already
> a well known userid.

I disagree with that as well; RFC822 mandates "postmaster", and RFC821
mandates accepting null addresses in the "MAIL FROM:<address>" in
an SMTP session also "aid spammers".

The correct mechanism for this is to use GetPeerName() on the connecting
socket to refuse connections from spammers, and to use 521 responses
(RFC1846) if connections are granted anyway.  One can also enforce
the domain requirement for "HELO" (in combination with 521 responses,
this is a nice way to determine interstate wire fraud).

In any case, additional aliases make the domain no less open to attack
than it would otherwise be.


					Regards,
					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
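
Added example, not part of the original message and not FreeBSD project code: a small Python audit of a sendmail-style aliases file against the RFC 2142 role mailboxes for the services a host offers, reporting commented-out entries separately from missing ones. The sample file contents, the service keys and the function names are constructed for illustration.

```python
import re

# RFC 2142 role mailboxes, keyed by the service they accompany.
# "network" stands for the network-operations names; the key names are
# this example's own labels, not identifiers from the RFC.
RFC2142_MAILBOXES = {
    "network": ["abuse", "noc", "security"],
    "smtp": ["postmaster"],
    "dns": ["hostmaster"],
    "nntp": ["usenet", "news"],
    "http": ["webmaster", "www"],
    "uucp": ["uucp"],
    "ftp": ["ftp"],
}

ALIAS_RE = re.compile(r"^([A-Za-z0-9._-]+)\s*:\s*(\S.*)$")
COMMENTED_RE = re.compile(r"^#\s*([A-Za-z0-9._-]+)\s*:\s*\S")

def parse_aliases(text):
    """Return (active aliases, names present only as commented-out lines)."""
    active, commented = {}, set()
    for line in text.splitlines():
        if line[:1] in (" ", "\t"):      # continuation of the previous alias
            continue
        m = ALIAS_RE.match(line)
        if m:                             # mailbox names are case-insensitive
            active[m.group(1).lower()] = m.group(2).strip()
            continue
        m = COMMENTED_RE.match(line)
        if m:
            commented.add(m.group(1).lower())
    return active, commented - set(active)

def audit(text, services):
    """Map each mailbox required for `services` to ok/commented-out/missing."""
    active, commented = parse_aliases(text)
    report = {}
    for svc in services:
        for name in RFC2142_MAILBOXES[svc]:
            report[name] = ("ok" if name in active else
                            "commented-out" if name in commented else "missing")
    return report

# Constructed sample input, not the real src/etc/aliases.
SAMPLE = """\
MAILER-DAEMON: postmaster
Postmaster: root
# abuse:\troot
# security:\troot
ftp: root
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE, ["smtp", "network", "ftp", "http"]).items():
        print(f"{name:12s} {status}")
```
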