All - While I am not normally on the IETF list, I was summoned by my *very* esteemed friend Randy :-) and I will answer his questions below. I have read some of the other messages, and know that this has been partially addressed already, but as the IT director of the vendor providing IT operations services to the IETF, and the person who is most hands-on with this, I felt that I should personally answer the technical questions he posed. As Randy wisely implies, the politics of this are beyond me, so please do not consider my silence elsewhere - anywhere - as apathy; rather, prudence. I am always happy to answer questions about our operations. I cannot ever speak to anything else beyond that. On Mon, Dec 16, 2019 at 7:43 AM Randy Bush <randy@xxxxxxx> wrote: > o would it be technically easy for the smtp servers to accept ip > literals in a conforming manner? yes, this is a question for my > esteemed friend glen Extremely easy. The statements already made about Postfix are correct. There is a configuration file, with two lines in it: /^[0-9.]+$/ 550 RFC2821 violation /^\[[0-9.]+\]$/ 550 RFC2821 violation In just seconds, I can easily change the messages, or remove the rules, either with complete ease. > o what would the technical and/or security exposure or other > downside(s) be of doing so? These rules have been in place for roughly 10-ish years, as has already been explained by John. They are in essence gateway checks, which occur before other measures like Postconfirm or Spamassassin see the messages. On a given day, there are between 700 and 1000 incoming messages rejected by this rule. Changing the messages would have no technical exposure or downsides that I can see. Changing the messages may have a positive or negative security exposure in that it might either (a) send the message that we (the IETF) are watching and know what we're doing and scare attackers off, or (b) might cause attackers to abandon this channel (which at the moment could be a honeypot-esque bit bucket) and focus on other methods of attack. But I think both of those things are extremely small side-effects. Removing the rules would increase the load on Spamassassin and - for that subset of those 1000 messages per day that pass through Spamassassin's upper threshhold - cause us to send out challenge emails to the (potentially forged) senders of all of those emails. This could possibly cause increases in greylisting threshholds or other automated checks used by others to evaluate email - and in potential delays in IETF email delivery. It could make us become (or be perceived as) a spam source, or (incorrectly, but, it's all about perception) an open relay. It could also potentially cause some hosts or ISPs to block or blacklist us, requiring the users of those hosts to either appeal to their ISPs, or change ISPs, to continue participating with us. There may be other downsides I am not aware of. I trust the answers are helpful. If there are other technical questions to which answers are desired, please copy me directly, as I do not normally subscribe to the IETF list. Thank you! Glen -- Glen Barney IT Director AMS (IETF Secretariat)
