austin.ibm.com

[Bob Sutterfield]

In article <4279 at awdprime.UUCP> dcheney at dcheney.austin.ibm.com (David J. Cheney) writes:
   An important point needs to be made about mail: many people currently have
	   <name>@<machine>.austin.ibm.com
   in their ~/.signature files.  If <machine>.austin.ibm.com is not
   pingable, you CANNOT successfully deliver mail to <name> at or via
   that machine,

   The best way to find out mail paths to a specific user is to call
   the person and ask.  We are evaluating alternative approaches to
   solving this problem.  IBM Austin employees without approved nodes
   have been asked to correct their signature files.

The problem isn't .signature files (that users control), it's their
mail and news headers (that the system administrators control).  If my
friend sends me mail specifying "From:
whoever at machine.austin.ibm.com" and there's no Reply-To: line in the
headers, then my mailer *must* attempt delivery to the machine named
in the From: line.  If I receive mail from a user, it's reasonable
(and normal practice in the rest of the Internet) to assume that I can
reply to the mail without bothering to call him on the telephone.

If you're going to have a policy that selectively isolates machines,
then please completely implement the policy.  Don't allow your
machines to generate unreplyable message headers.  If a machine cannot
accept messages, than don't let messages from that machine leak into
the world outside your wall.

See RFC1123 (Requirements for Internet Hosts -- Application and
Support), section 5.3.7(D) on mail gatewaying (which is what you're
doing, selectively, between IBM's internal environment and the
Internet):

         (D)  The gateway MUST ensure that all header fields of a
              message that it forwards into the Internet meet the
              requirements for Internet mail.  In particular, all
              addresses in "From:", "To:", "Cc:", etc., fields must be
              transformed (if necessary) to satisfy RFC-822 syntax, and
              they must be effective and useful for sending replies.

Mail leaking from non-approved hosts at austin.ibm.com violates the
last phrase in the last sentence of that paragraph.

I don't want to flame IBM and wave RFCs at you, but if you're going to
bring up the subject of your nonconformant mailers in a public forum,
then you've set yourself up as fair game.  I've redirected followups
to comp.mail.misc.

And, lacking a way to get private mail to rangoon.austin.ibm.com,
would you please convey my thanks to Win Bo for his congratulations on
the birth of my son?  Lauri, Andy, and I hope that he, Than, and Ryan
are also doing well, but I have been unable to respond privately to
his gracious note, conveyed to me via private mail.  See how silly the
effects of selective isolation policies can be?