Xref: utzoo comp.unix.aix:2733 comp.mail.misc:4383
Path: utzoo!attcan!uunet!trac2000!cbmvax!rutgers!tut.cis.ohio-state.edu!mstar!mstar.morningstar.com!bob
From: bob@MorningStar.Com (Bob Sutterfield)
Newsgroups: comp.unix.aix,comp.mail.misc
Subject: Re: austin.ibm.com
Summary: Mail leaking from non-approved hosts at austin.ibm.com violates the last phrase in the last sentence of RFC1123 5.3.7(D)
Message-ID:
Date: 21 Nov 90 16:26:53 GMT
References: <4279@awdprime.UUCP>
Sender: usenet@MorningStar.COM (USENET Administrator)
Reply-To: bob@MorningStar.Com (Bob Sutterfield)
Followup-To: comp.mail.misc
Organization: Morning Star Technologies
Lines: 53
In-Reply-To: dcheney@dcheney.austin.ibm.com's message of 20 Nov 90 15:52:16 GMT

In article <4279@awdprime.UUCP> dcheney@dcheney.austin.ibm.com (David J. Cheney) writes:

   An important point needs to be made about mail: many people
   currently have @.austin.ibm.com in their ~/.signature files. If
   .austin.ibm.com is not pingable, you CANNOT successfully deliver
   mail to at or via that machine, The best way to find out mail
   paths to a specific user is to call the person and ask. We are
   evaluating alternative approaches to solving this problem. IBM
   Austin employees without approved nodes have been asked to correct
   their signature files.

The problem isn't .signature files (that users control), it's their
mail and news headers (that the system administrators control). If my
friend sends me mail specifying "From: whoever@machine.austin.ibm.com"
and there's no Reply-To: line in the headers, then my mailer *must*
attempt delivery to the machine named in the From: line. If I receive
mail from a user, it's reasonable (and normal practice in the rest of
the Internet) to assume that I can reply to the mail without bothering
to call him on the telephone.

If you're going to have a policy that selectively isolates machines,
then please completely implement the policy. Don't allow your machines
to generate unreplyable message headers. If a machine cannot accept
messages, then don't let messages from that machine leak into the
world outside your wall.

See RFC1123 (Requirements for Internet Hosts -- Application and
Support), section 5.3.7(D) on mail gatewaying (which is what you're
doing, selectively, between IBM's internal environment and the
Internet):

   (D) The gateway MUST ensure that all header fields of a message
       that it forwards into the Internet meet the requirements for
       Internet mail. In particular, all addresses in "From:", "To:",
       "Cc:", etc., fields must be transformed (if necessary) to
       satisfy RFC-822 syntax, and they must be effective and useful
       for sending replies.

Mail leaking from non-approved hosts at austin.ibm.com violates the
last phrase in the last sentence of that paragraph.

I don't want to flame IBM and wave RFCs at you, but if you're going to
bring up the subject of your nonconformant mailers in a public forum,
then you've set yourself up as fair game. I've redirected followups to
comp.mail.misc.

And, lacking a way to get private mail to rangoon.austin.ibm.com,
would you please convey my thanks to Win Bo for his congratulations on
the birth of my son? Lauri, Andy, and I hope that he, Than, and Ryan
are also doing well, but I have been unable to respond privately to
his gracious note, conveyed to me via private mail. See how silly the
effects of selective isolation policies can be?
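
As an added example that is not part of the original post, here is one way an outbound gateway could enforce the RFC1123 5.3.7(D) requirement quoted above: any address naming an internal host that cannot receive outside mail is rewritten to a domain the gateway accepts mail for. The zone name, approved-host list and sample message are constructed for illustration, and the rewrite assumes the gateway can deliver user@zone to the right internal mailbox.

```python
from email import message_from_string
from email.utils import formataddr, getaddresses

# Assumptions (constructed values, not taken from the post):
MAIL_ZONE = "site.example.com"            # domain the gateway accepts mail for
APPROVED_HOSTS = {"gw.site.example.com"}  # internal hosts reachable from outside
ADDRESS_FIELDS = ("From", "Reply-To", "Sender", "To", "Cc")

def is_replyable(addr):
    """True if an outside mailer could deliver a reply to this address."""
    _local, at, domain = addr.rpartition("@")
    if not at:                            # unqualified name: useless off-site
        return False
    domain = domain.lower()
    hidden = domain.endswith("." + MAIL_ZONE) and domain not in APPROVED_HOSTS
    return not hidden

def rewrite_outbound(raw):
    """Return (message, changes) with unreplyable addresses rewritten."""
    msg = message_from_string(raw)
    changes = []
    for field in ADDRESS_FIELDS:
        values = msg.get_all(field)
        if not values:
            continue
        fixed = []
        for name, addr in getaddresses(values):
            if addr and not is_replyable(addr):
                local = addr.rpartition("@")[0] or addr
                new = local + "@" + MAIL_ZONE
                changes.append((field, addr, new))   # keep an audit trail
                addr = new
            fixed.append(formataddr((name, addr)))
        del msg[field]                    # drop every instance of the field
        msg[field] = ", ".join(fixed)
    return msg, changes

# Constructed sample message leaving the internal network.
SAMPLE = (
    "From: Alice <alice@hidden.site.example.com>\n"
    "To: bob@elsewhere.example.org\n"
    "Cc: carol@gw.site.example.com, dave\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    message, changed = rewrite_outbound(SAMPLE)
    for field, old, new in changed:
        print(f"{field}: {old} -> {new}")
```

A gateway that prefers to refuse rather than rewrite can bounce the message to its sender whenever the returned change list is non-empty.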