Hi Viktor,
On 22/03/2015 19:37, Viktor Dukhovni wrote:
> 2. MTAs are sometimes configured to act as submission clients.
>    Most frequently on single-user machines. When should such
>    an MTA use an SRVNAME reference identifier for the target
>    SMTP server? To clarify, a typical configuration might be:
>
>        relayhost = [smtp.example.net]:587
>
>    or less frequently indirection via /etc/services:
>
>        relayhost = [smtp.example.net]:submission
>
>    thus in current practice often no explicit indication that
>    the service is "submission" (could just be a private peering
>    relay that happens to use port 587) and no explicit SRV
>    lookup of "_submission".
>
>    When should such an MTA choose to accept an SRVNAME of
>    "_submission.smtp.example.com" in the peer's certificate?
>    Would that only be applicable if new code is written to
>    support SRV indirection? Should use of "_submission"
>    SRVNAMES be inferred from the target port?

No.

>    Or enabled via
>    per-destination configuration?

I think direct host configuration must disable SRV lookups and checking
for sRVName in certificates.
This is the same as manually configuring an IMAP server in an email
client: sRVName doesn't apply.

>    [ I know that the document is not about MTA-to-MTA, but
>      I think the intention there is to exempt forward-path
>      port 25 relaying, and not necessarily "stub" MTAs that
>      try to emulate user agents. ]
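
The rule given in the reply above, as an added sketch that is not part of the original message or of any MTA's code: a directly configured host yields only a DNS-ID reference identifier, and the port (587 or "submission") never implies an SRV-ID. The `Destination` type, its `srv_service` field (a hypothetical explicit SRV-discovery setting) and the decoded subjectAltName lists are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Destination:
    host: str                          # configured host, or source domain for SRV
    port: Optional[str] = None         # numeric port or /etc/services name
    srv_service: Optional[str] = None  # hypothetical: set only by explicit SRV config

def parse_relayhost(value: str) -> Destination:
    """Parse the bracketed direct-host form quoted in the thread."""
    m = re.fullmatch(r"\[([A-Za-z0-9.-]+)\](?::([A-Za-z0-9-]+))?", value.strip())
    if m is None:
        raise ValueError(f"not a bracketed relayhost value: {value!r}")
    # A direct host never enables SRV, whatever the port says.
    return Destination(host=m.group(1).lower(), port=m.group(2))

def reference_identifiers(dest: Destination) -> set:
    """Identifiers the client will accept from the peer certificate."""
    refs = {("DNS", dest.host.lower())}
    if dest.srv_service is not None:
        refs.add(("SRV", f"_{dest.srv_service}.{dest.host}".lower()))
    return refs

def cert_acceptable(san_entries, dest: Destination) -> bool:
    """Exact, case-insensitive match; wildcards are out of scope here."""
    refs = reference_identifiers(dest)
    return any((kind, name.lower()) in refs for kind, name in san_entries)

# Constructed subjectAltName contents, already decoded to (type, value) pairs.
CERT_SRV_ONLY = [("SRV", "_submission.smtp.example.net")]
CERT_DNS = [("DNS", "smtp.example.net")]

if __name__ == "__main__":
    for value in ("[smtp.example.net]:587", "[smtp.example.net]:submission"):
        dest = parse_relayhost(value)
        print(value, cert_acceptable(CERT_SRV_ONLY, dest), cert_acceptable(CERT_DNS, dest))
```
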