[Mimedefang] Received headers in general

kd6lvw at yahoo.com kd6lvw at yahoo.com
Tue May 22 20:41:05 EDT 2012 

--- On Tue, 5/22/12, David F. Skoll <dfs at roaringpenguin.com> wrote:
> On Tue, 22 May 2012 16:18:49 -0700 (PDT) kd6lvw at yahoo.com wrote:
> > Put that in contrast where RFC 5321 says MUST with regard to using
> > the syntax listed therein for generating trace headers, your
> > statement and policy loses every time.  A "must use" directive has no
> > discretion.  I reject not because I choose to but because the
> > standard says I must.
> 
> I think you are reading a different version of RFC 5321 than the rest
> of us.  My version says:
> 
>    ... As another consequence of trace header fields arising in
>    non-SMTP environments, receiving systems MUST NOT reject mail based
>    on the format of a trace header field and SHOULD be extremely
>    robust in the light of unexpected information or formats in those
>    header fields.
> 
> It seems to me that your rejection of email solely because of an
> invalid trace header violates a MUST NOT dictum of RFC 5321.

You completely missed what I said earlier.  That part applies to NON-SMTP headers and says that we cannot and must not reject headers from other transports on the grounds that they don't meet SMTP's syntax.  It doesn't apply to headers which fall under SMTP environment or generation, nor do I enforce SMTP syntax compliance on non-SMTP generated headers.  RFC 5321 section 3.7.2 indicates that under SMTP, a received header MUST be inserted, and in section 4.4, the following syntax MUST be used:

4.4.  Trace Information

   When an SMTP server receives a message for delivery or further
   processing, it MUST insert trace ("time stamp" or "Received")
   information at the beginning of the message content, as discussed in
   Section 4.1.1.4.

   This line MUST be structured as follows:
...
[skip to the bottom of page 58 for the ABNF syntax defining the headers.]


If a message contains a header which does NOT have "with SMTP" (in any form matching the regex given in a prior message), I do NOT apply the rules which require and enforce the "from", "by", "via", "id", and "for" clauses' syntax, and that is pursuant to section 3.7.2's prohibition.  However, if a message claims "with SMTP" for a given received header, enforcement of the required syntax of section 4.4 must and does happen (at my server).


Exchange and gmail claim SMTP transport but fail to follow the required syntax.  RFC 5321 does not ban rejecting on that basis.  It bans only the application of SMTP syntax to non-SMTP headers.


Regardless of SMTP or not, messages having unregistered "with" protocols are rejected for that reason even though the authority for that is only a "should" (not a must) because proptocol field registration is required under the overall STD 10 (which is more than just RFC 5321 and 5322).

Where "MUST" is given, such means that there is something to enforce.  I enforce it and get much less spam as a result.  You don't and you get spammed.  That's your problem.

More information about the MIMEDefang mailing list