From: Christian Schulte Subject: Re: smtpd(8) should add missing date and message id headers also on port 465 To: gilles@poolp.org, tech@openbsd.org Date: Wed, 4 Sep 2024 00:47:41 +0200 On 04.09.24 00:05, gilles@poolp.org wrote: > > I'm not sure this is true: > > Submission *normally* takes place on port 587 but it may take place on port 25 > with optional auth and in this case you can no longer express it this way, and > we start needing other knobs to be introduced. > > Genuine interrogation: > > Is there a case where a session authenticates (implying TLS / SMTPS regardless > of any port), submits a message and that message shouldn't be F_SUBMISSION ? AUTH got introduced to mitigate against open relays - access control. "Relaying denied. Authentication required." In my personal setup, I am running OpenSMTPD locally on my laptop setup to use a smarthost it needs to authenticate to, so that the smarthost allows relaying. In that scenario the smarthost would not be the submitting agent, but just a relay. Not the first hop. It would not do any harm if that smarthost would apply submission semantics, even if it is the second hop, as the first hop already performed submission semantics. That's just about the relaying part. If I would send a mail from the laptop to a local user at that smarthost - so no relaying taking place - this would work without authentication. In that scenario the smarthost could not decide between submission or transfer based on authentication, although the laptop would have authenticated either way. So my answer would be: no (not yet). -- Christian