On Tue, Feb 02, 2021 at 07:27:27AM -0800, Leo Bicknell wrote:

> I won't attempt to change your mind, as you've clearly made it up.

It appears we have reciprocity.

> However, in my role as an admin, you just gave me excellent
> justification to never run Postfix. The shutdown aspects of protocols
> should not be optional.

But in TLS waiting for the peer's close_notify *is* optional.

MTAs talk SMTP. Postfix implements SMTP and delivers mail reliably. It makes no sense to hog precious connection and process table slots to go through the motions of bilaterally tearing down a TLS connection that is sure to not carry any further application traffic.

It is a favour to servers already often stressed by email abuse traffic to drop the TCP session as early as possible. The server is then able to move on to other (ideally legitimate) clients.

On the server side we also get to reduce exposure to DoS by not slavishly blocking for a full SMTP timeout for a close notify that may never arrive.

> Clean shutdown at the TCP, TLS, and SMTP layer provides confirmation
> the software is working properly.

Sending a close notify without waiting for the peer to do so *is* a clean TLS shutdown. This is explicitly conformant with the TLS specification. The SMTP protocol is for reliable delivery of email, not pedantic proofs of software correctness.

> When debugging, via logs or tcpdumps a proper shutdown sequence
> provides quick confirmation that all was well -- whereas intentionally
> incomplete sequences provide an endless stream of dead ends
> to chase down while hunting for legitimate problems.

Connection loss is only a concern in the *middle* of the SMTP transaction. That is, after EHLO and before QUIT or RSET. Don't waste the user's time debugging connection loss after the transaction is over.

> I've made the community aware of my findings. I cannot force the
> Postfix community to fix them. I won't attempt any further, thank you
> for your consideration.

I can't speak for the Postfix community as a whole, and you've only heard back from me, so there's no basis here to make judgements about the community as a whole. We do welcome bug reports on this list, take them seriously, and don't let bugs fester. Typically bugs are fixed within days (often the same day) they're reported.

I know you believe that you're performing useful outreach here, and thus, not surprisingly, find my objections unappreciative of your well-intentioned work. Fair enough, but ... the reality of the situation is that what you perceive to be a bug is a carefully considered feature, that optimises for keeping the MTA's limited resources available for productive uses.

Therefore, while I could be mistaken, I don't expect that Postfix will be modified to do 2-way TLS shutdown barring some future specification of STOPTLS, that would make it useful.

-- 
	Viktor.
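The server-side pattern argued for above (send close_notify, but never block a full SMTP timeout waiting for the peer's), as an added Go example that is not Postfix code and not from this thread; the throwaway certificate, the `FinishTLS`/`RunExchange` names, the in-memory pipe and the grace period are this example's own assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSigned makes a throwaway ECDSA certificate (constructed for this example only).
func selfSigned() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// FinishTLS sends our close_notify, then waits at most grace for the peer's close_notify before
// dropping the transport. peerClosed reports whether it arrived; on a silent peer err is the deadline error.
func FinishTLS(c *tls.Conn, grace time.Duration) (peerClosed bool, err error) {
	defer c.Close() // drop the transport either way, so a silent peer cannot pin the slot
	if err = c.CloseWrite(); err != nil { // sends close_notify, keeps the socket open
		return false, err
	}
	c.SetReadDeadline(time.Now().Add(grace))
	_, err = io.Copy(io.Discard, c) // nil only once the peer's close_notify (io.EOF) arrives
	return err == nil, err
}

// RunExchange ends one session ("221 Bye", then close_notify) over an in-memory pipe; a polite peer answers the close_notify, a rude one goes silent.
func RunExchange(polite bool, grace time.Duration) (bool, error) {
	srvRaw, cliRaw := net.Pipe()
	cli := tls.Client(cliRaw, &tls.Config{InsecureSkipVerify: true}) // peer is in-process
	srv := tls.Server(srvRaw, &tls.Config{Certificates: []tls.Certificate{selfSigned()}})
	go func() {
		io.Copy(io.Discard, cli) // drains "221 Bye"; returns once the server's close_notify arrives
		if polite {
			cli.Close() // answer with our own close_notify
		}
	}()
	if _, err := srv.Write([]byte("221 Bye\r\n")); err != nil { // handshake happens here
		return false, err
	}
	return FinishTLS(srv, grace)
}
```

Note the asymmetry: the peer that merely receives close_notify and hangs up sees a clean EOF, while the server only ever waits the short grace period for a reply.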