[mail-vet-discuss] Auth-Results issues? #3 ABNF
Arvel Hathcock
arvel.hathcock at altn.com
Tue Mar 28 11:45:26 PST 2006
> Is this built on top of RFC 822 or 2822? If 2822, then CWFS should not
> be specified before the :.
Good catch. It should be 2822 so the CFWS before the colon should be
removed.
The rest of your message below is what I was asking for in my previous
email. +1 for change along these lines from me.
--
Arvel
Tony Hansen wrote:
> I have a couple of comments about the ABNF.
>
> header = "Authentication-Results" CFWS ":" CFWS hostname CFWS
> headerspec *(CFWS ";" CFWS method CFWS "=" CFWS result)
> CFWS
>
> Is this built on top of RFC 822 or 2822? If 2822, then CWFS should not
> be specified before the :.
>
> header = "Authentication-Results:" CFWS hostname CFWS
> headerspec *(CFWS ";" CFWS method CFWS "=" CFWS result)
> CFWS
>
> For the remaining discussion, here is a sample of A-R headers I've
> collected from various DKIM/DK/SPF test auto-responders. (I've changed
> "hostname" in all cases to example.com. I've changed the sending
> system's name to example.net. The references to tony at att.com are what is
> in the rfc822.from header.)
>
> Authentication-Results: example.com from=tony at att.com;
> sender-id=fail (DomainDoesNotExist);
> spf=fail (DomainDoesNotExist)
> Authentication-Results: example.com smtp.mail=tony at att.com;
> spf=neutral
> Authentication-Results: example.com header.from=tony at att.com;
> domainkeys=neutral (not signed);
> dkim=neutral (not signed)
> Authentication-Results: example.com from=tony at att.com;
> sender-id=fail (DomainDoesNotExist);
> spf=fail (DomainDoesNotExist)
> Authentication-Results: example.com header.From=tony at example.net;
> dkim=pass (768-bit key)
> Authentication-Results: example.com from=tony at att.com;
> sender-id=neutral;
> spf=neutral
> Authentication-Results: example.com; header.From=tony at att.com;
> dkim=neutral
> Authentication-Results: example.com;
> header.DKIM-Signature=@example.net;
> dkim=fail (DKIM RR problem for example.net/shan.
> missing/bad public key; example.net/shan fail; );
> header.From=tony at att.com; dkim=neutral
> Authentication-Results: example.com header.from=tony at att.com;
> domainkeys=neutral (not signed);
> dkim=pass (1:0:good;)
>
> The most common mistake I see in here that's related to the ABNF is the
> introduction of a ";" after the hostname.
>
> Part of this issue will be taken care of if we move the headerspec as
> suggested in a previous note.
>
> I'm going to propose the following to move headerspec:
>
> header = "Authentication-Results:" CFWS hostname CFWS
> *(CFWS ";" CFWS method CFWS "=" CFWS result
> CFWS headerspec ) CFWS
>
> Secondly, there is a reduction error in the use of "hostname" from
> [MAIL]. "hostname" already contains optional CFWS, so you essentially
> have CFWS twice. Similarly another error occurs with "value" because
> mailbox also contains optional CFWS.
>
> [MAIL] solves some of these problems by keeping the the CFWS pieces of
> the ABNF associated with the leaves, and not with the higher-level
> productions.
>
> Thirdly, saying CFWS means that you MUST put in whitespace or a comment.
> [MAIL] uses [CFWS] to make it optional.
>
> Fourth, this can be made clearer if method=result were split out
> separately into a combined production. Making these changes gives the
> following:
>
> header = "Authentication-Results:" hostname
> *([CFWS] ";" methodspec headerspec )
> ; hostname allows CFWS
>
> methodspec = [CFWS] method [CFWS] "=" [CFWS] result [CFWS]
> headerspec = ptype [CFWS] "." [CFWS] "=" value
> value = [CFWS] token [CFWS] / mailbox
> ; mailbox allows CFWS
>
> I think this is easier to follow, and convert to a real parser.
>
> Tony Hansen
> tony at att.com
>
> _______________________________________________
> NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
More information about the mail-vet-discuss
mailing list