On Fri, 25 Feb 2005 andrew2@one.net wrote:
being used on port 25 already. You can do SMTP AUTH just as easily on port 25 without having to re-educate your users and still net the same simplified tracking procedures that you mention. It sounds to me like what we should really be talking about is getting MTA operators to begin using SMTP authentication of some kind (any kind!), rather than harping on whether or not MTA's should accept mail on port 587...
Port 587 becomes useful because it allows you to firewall outbound port 25 from non-mail servers (IE -users), while allowing them to submit mail to other places. It's hard to say how it benefits YOU as a single person. But the separation benefits the Internet as a whole. It's a two part thing though. Blocking port 25 won't work without and alternative for users, and having mail submitted to relays on 587 isn't helpful if local admins don't block port 25 outbound for their users. However, with both of these in place, you stop the ability of every virus-infected host to send mail out directly to other people's mail servers. Forcing them through your mail relay gives you control: Your virus scanner can now detect the traffic, issue an alert, shut down the account, etc. So to answer Nil's original question, along the lines of giving him a reason to listen on port 587, the only selfish reason would be so your users behind port 25 firewalls can relay through your server. If you don't need that, that don't bother. Simply making this available has caused us really no additional support requests, it's maybe two lines in the sendmail.mc file. On the other hand, Optimum Online deciding to block outbound port 25 one (Saturday) morning caused quite a bit of support work. Had we not already been supporting 587 at that point, the work would have been far greater, if not for the techs, then for the salespeople trying to get new customers to replace all the ones we would have lost. ========================================================== Chris Candreva -- chris@westnet.com -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/