What about an authenticated TURN command?

To kick off discussion on this topic, I'd like to state the problem that
I think we're addressing on this list: providing a means within SMTP to
dequeue mail from a server in a secure manner (i.e. not allowing others
to receive the mail as TURN does) and in an environment which may
involve dynamic IP addresses.  The problem we've seen with ETRN is that
a user connects to their ISP, gets a dynamically assigned IP address,
issues an ETRN, and then (for whatever reason) loses their connection.
If another user connects at that time, they can get the previous user's
IP address and, because the tables on the ISP haven't yet been updated,
the ETRN connects to that new user and delivers the old user's mail.

It seems to me that an SMTP extension which is basically TURN over an
authenticated SMTP connection (call it ATRN for now) would solve the
problem nicely.  An SMTP client would issue the command

   ATRN [optional list of mailbox addresses or domains]

when it wished to dequeue mail for either the domain specified in the
initial EHLO (if the ATRN command had no parameters) or for the optional
list of mailboxes and domains.

If the client had not authenticated itself to the server's satisfaction
via TLS, SMTP AUTH, or whatever, the server would reject the command.
If the client had authenticated, the server would check that the
authenticated ID had rights to dequeue mail to the targets specified.
If not, the command would be rejected.  If the client did have the
appropriate rights, the server would start sending the mail over the
existing SMTP connection.

As an extension to this, we might want to consider whether it would make
sense to allow "ping-ponging" of server-hood back and forth between the
server which initiated the connection and that which accepted it.  Say
server S1 initiates a connection to server S2.  The conversation might
go something like:

   S1: <opens connection and authenticates>
   S1: <transfers mail to S2>
   S1: ATRN
   S2: <now in control>
   S2: <dequeues mail to S1>
   S2: TURN
   S1: <now in control and has new mail to S2>
   S1: <transfers mail to S2>
   S1: ATRN
   S2: <now in control, but has no more mail for S1>
   S2: TURN
   S1: <now in control, but has no more mail for S2>
   S1: QUIT
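
Added example, not part of the original message: a sketch of the server-side decision for the proposed ATRN command, showing that the default target taken from EHLO is client-supplied and must pass the same rights check as an explicit list. The rights table, the decision strings, the target separator and the rule that a domain right covers its mailboxes are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Session:
    ehlo_domain: str                 # client-supplied, so never trusted on its own
    authenticated_id: Optional[str]  # set by TLS or SMTP AUTH, else None

# Constructed sample rights table: authenticated ID -> domains/mailboxes it may dequeue.
RIGHTS = {
    "dialup-cust-17": {"example.org", "sales@example.net"},
}

def parse_targets(line: str, session: Session) -> list[str]:
    """Return the targets of an ATRN line; default to the EHLO domain."""
    verb, _, rest = line.strip().partition(" ")
    if verb.upper() != "ATRN":
        raise ValueError("not an ATRN command")
    # Assumption: targets are separated by commas and/or spaces.
    targets = [t.lower() for t in re.split(r"[,\s]+", rest) if t]
    return targets or [session.ehlo_domain.lower()]

def permitted(target: str, granted: set[str]) -> bool:
    # Assumption: a right to a whole domain covers every mailbox in it.
    return target in granted or target.rpartition("@")[2] in granted

def handle_atrn(line: str, session: Session, rights=RIGHTS) -> tuple[str, list[str]]:
    """Decide an ATRN request; returns (decision, targets to dequeue)."""
    if session.authenticated_id is None:
        return ("reject: not authenticated", [])
    targets = parse_targets(line, session)
    granted = rights.get(session.authenticated_id, set())
    # All-or-nothing: one target outside the ID's rights rejects the command.
    if not all(permitted(t, granted) for t in targets):
        return ("reject: not authorized", [])
    return ("turn", targets)
```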