On Thu, 24 Feb 2005 16:51:50 EST, andrew2@one.net said:
There seem to be many who feel there is no overwhelming reason to support 587. I can certainly see that point of view, but I guess my question is what reasons do those of you with that viewpoint have *not* to implement it? I just don't see the harm in either configuring your MTA to listen on an extra port, or just forward port 587 to 25 at the network level. Other than a few man-hours for implementation what are the added costs/risks that make you so reluctant? What am I missing?
You *don't* want to just forward 587 to 25. You want to to use SMTP AUTH or similar on 587 to make sure only *your* users connect to it as a mail injection service (unless, of course, you *want* to be a spam relay ;) The *real* problem is usually that the site is too clueless to figure out how to enable AUTH on 587, actually authenticate the user (which might involve something really complicated, like LDAP or RADIUS), and tell the script monkeys at first-level support what to tell the users.