On Wed, Jan 11, 2017 at 12:33:47PM -0800, Michael Peddemors wrote: > More and more, if you want to deliver email in today's environments, you > have to ensure your email servers are correctly configured.
I think there's considerable value in slowly enforcing this in stepwise, announced fashion. I was -- and in some cases, still am -- a fan of "be conservative in what you send, be liberal in what you accept". However, that was written in an age where misconfigurations were almost always benign, and where a note sent back pointing out the problem almost always resulted in a fix. Neither of those are true today. Sure, some of the misconfigurations are still benign, but an awful lot of them are attempts to probe for weaknesses and/or exploit weaknesses. And attempts to point out the problems often either can't be delivered (no postmaster address) or are never acknowledged/acted on (postmaster effectively aliased to /dev/null). We don't serve anybody's longterm interests -- our own, our users, even the people doing this benignly -- by allowing this indefinitely. We're complicating code/configuration, we're lowering defenses, we're making debugging harder. The only people we're really helping out are the bad guys, who are relying on our collective forbearance. I'm not suggesting we all start being RFC compliance fascists tomorrow. (Especially since some of the newer standards are topics of well-grounded disagreement and some are still evolving.) That's why I said "stepwise, announced" above. I'm suggesting that we enumerate a rough list of the things we see that are REALLY wrong, prioritize it, make a schedule for it, announce it, and do it. E.g., "HELO as localhost.localdomain will not be accepted as of X/Y/Z". I'll argue that we should deal with the easy, obvious stuff first: the stuff that should have been done right 25 years ago. (Like that example.) Some of this has already been done in piecemeal fashion over the past decade-plus, but (a) much of it hasn't been coordinated and (b) much of it hasn't been announced. And it would be better to do this as community than to do it separately, because it will avoid the "you're doing this because you're huge" and "nobody else is doing this" and "why are you suddenly doing this?" and "it worked yesterday" and the other zillion reasons why people want to keep running really, really broken mail systems. ---rsk _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
