On 2022-11-16 10:57, Slavko via mailop wrote:
On 16 November 2022 17:45:19 UTC, Heiko Schlittermann via mailop
<[email protected]> wrote:
I'm not sure if one of the next hops should remove headers of previous
hops, IMHO this could be a bad move (w/ e.g. respect to DKIM
signatures, though I think, the Return-Path header isn't part of the
default set of signed headers).
Ignoring DKIM for now, the RFC 5321, sect 4.4 (numbered by me):
1. A message-originating SMTP system SHOULD NOT send a message
that already contains a Return-path header field
2. SMTP servers performing a relay function MUST NOT inspect the
message data, and especially not to the extent needed to determine if
Return-path header fields are present
3. SMTP servers making final delivery MAY remove Return-path header
fields before adding their own.
My understanding of this is, that Return-path header **can** exist on
transport if it was added on sending system (which is not strictly
forbidden) or **by mistake** on any relay. But then it must not be
removed (even nor inspected its presence) on transport, until it
reaches final delivery, where it can be replaced/removed.
I can imagine a situation, e.g. when final delivery adds it and then the user
forwards the message without header modification. And I believe that
this example can be reason of that "SHOULD NOT" (but not adding it).
Now back to DKIM, IMO it has to not sign it (nor its non-existence)
as it is expected to be added later. As intermediate relays have to
ignore it, they cannot affect DKIM by this. IMO, if any system signs
it, it does it wrong.
regards
+1 for most of your comments (stated a lot clearer than mine)
However, I do question "it must not be removed (even nor inspected its
presence) on transport"
If a server or relay realizes that it was incorrectly added, e.g. that in
reality it isn't the final destination, it SHOULD remove it before
passing it on. I would further state, that if a DKIM signature is added
that includes Return-Path, that it be considered invalid. The question
is, should that relay system then simply reject the message?
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
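
A check for the case raised in this thread, as an added example that is not part of any poster's message: it counts the Return-Path fields in a message and lists the DKIM signing domains whose `h=` tag names Return-Path (which covers signing its absence as well). The function names, the sample message and its domains are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread): the first signature covers Return-Path.
SAMPLE = """\
Return-Path: <bounce@example.org>
Received: from relay.example.net by mx.example.com; Wed, 16 Nov 2022 18:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1;
 h=From:To:Subject:Date:Return-Path;
 bh=PLACEHOLDER; b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel2;
 h=from : to : subject;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: alice@example.org
To: bob@example.com
Subject: test
Date: Wed, 16 Nov 2022 17:59:00 +0000

body
"""

def parse_tags(value):
    """Split one DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        name, sep, val = part.partition("=")  # split on the first "=" only
        if sep:
            tags[name.strip()] = val.strip()
    return tags

def audit_return_path(raw):
    """Count Return-Path fields and list signing domains whose h= covers Return-Path."""
    msg = message_from_string(raw)  # compat32 policy: header values stay raw strings
    signers = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        # Header names in h= are case-insensitive and may have whitespace around ":".
        names = [h.strip().lower() for h in tags.get("h", "").split(":")]
        if "return-path" in names:
            signers.append(tags.get("d", "?"))
    return {"return_path_fields": len(msg.get_all("Return-Path", [])),
            "signers_covering_return_path": signers}

if __name__ == "__main__":
    print(audit_return_path(SAMPLE))
```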