Re: [Nmh-workers] Changes to post

[Robert Elz]

    Date:        Mon, 12 Mar 2012 19:32:23 -0400
    From:        Ken Hornstein <address@hidden>
    Message-ID:  <address@hidden>

  | I think you've misunderstood me; in this particular instance,

OK.

  | Paul's proposal was to generate a Sender: header if there were multiple
  | From: addresses and there wasn't one already.

In practice I think it more likely that there'd be a Sender field than
this new one, but handling both variants is useful.

  | Do you mean RFC 6409?

Yes.

  | AFAIK, we're compliant with that.

I suspect that we are, anything that is doing SMTP should be.
(I'm not sure that nmh can really guarantee unique message-id's
but aside from that it is probably about right.)

The point is that you can do less and still be submission compliant.
That's why the protocol was created (otherwise we could just run
normal SMTP on a different port for local use only, protocol mods
wouldn't have been needed.)

With an MSA, the MSA can add the Sender, rather than nmh needing to
do it, as the MSA (unlike nmh) is expected to know a mailbox that
works for the person actually sending the mail.   Same for the
envelope source address (and Date, Message-ID, etc).

  | In my experience with SMTP AUTH, while you can configure mailers to
  | require authentication and that information is logged, it doesn't
  | change anything else with with regards to the SMTP protocol or
  | message contents.

Of course, with SMTP, but the submission protocol is relaxed, all
kinds of things can be corrected in messages received using it.
(How much any particular MSA allows depends upon it, naturally.)

It was developed precisely because of the problems we're encountering,
typical MUAs these days simply can't know enough.   AUTH is required
of the submission protocol, the MSA needs to know who the sender
really is, or it would be in no better position than the MUA (just
with different unknown data).

kre