At 10:26 AM -0700 2002/09/15, Dave Crocker wrote:
2. The issue with email is authentication, not privacy. Authentication can be achieved easily over port 25, without encryption. Hence, blocking port 25 blocks legitimately validated email, as well as possible spam.
True enough. However, there are no intelligent transparent proxies that I know of which will allow authenticated and/or link-encrypted port 25 connections through to the indicated site, and shunt the non-authenticated/non-encrypted sessions to the side. Since this information is only available at the IP level, this is not something you can fix inside the SMTP MTA -- the critical information is destroyed before then. I imagine if you could get Cisco (and other vendors) to fix their transparent proxy server software to be more intelligent, that would fix the problem.

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
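The per-connection decision that the "more intelligent" transparent proxy discussed in this exchange would have to make, as an added example that is not part of the original messages and not any vendor's code. The transcript format, the function name `classify_session` and every sample session are assumptions constructed for illustration.

```python
# Added example: per-connection decision for a hypothetical SMTP-aware proxy.
# The ("C"/"S", line) transcript format and all sample sessions are constructed.
PASS, SHUNT, UNDECIDED = "pass", "shunt", "undecided"
MAIL_VERBS = {"MAIL", "SEND", "SOML", "SAML"}  # verbs that open a mail transaction

def classify_session(transcript):
    """PASS once the server accepts STARTTLS (220) or AUTH (235); SHUNT if the
    client opens a mail transaction first; UNDECIDED if neither is seen yet."""
    pending = None  # STARTTLS/AUTH verb still waiting for its final reply
    for direction, line in transcript:
        line = line.strip()
        if direction == "C":
            if pending == "AUTH":
                continue  # SASL response to a 334 challenge, not a command
            verb = line.split(" ", 1)[0].upper()
            if verb in ("STARTTLS", "AUTH"):
                pending = verb
            elif verb in MAIL_VERBS:
                return SHUNT  # "MAIL FROM:<..> AUTH=<>" also lands here
        elif pending:
            code, more = line[:3], line[3:4] == "-"
            if more or (pending == "AUTH" and code == "334"):
                continue  # continuation line or SASL challenge
            if (pending, code) in {("STARTTLS", "220"), ("AUTH", "235")}:
                return PASS
            pending = None  # refused: the session is still plain
    return UNDECIDED

GREETING = [("S", "220 mx.example.net ESMTP"), ("C", "EHLO client.example.org"),
            ("S", "250-mx.example.net"), ("S", "250-STARTTLS"),
            ("S", "250 AUTH PLAIN")]
PLAIN = GREETING + [("C", "MAIL FROM:<a@example.org>")]
TLS = GREETING + [("C", "starttls"), ("S", "220 2.0.0 Ready to start TLS")]
AUTH_OK = GREETING + [("C", "AUTH PLAIN"), ("S", "334"),
                      ("C", "AHVzZXIAcGFzcw=="), ("S", "235 2.7.0 Accepted")]
AUTH_BAD = GREETING + [("C", "AUTH PLAIN AHVzZXIAYmFk"), ("S", "535 5.7.8 Rejected"),
                       ("C", "MAIL FROM:<a@example.org>")]

if __name__ == "__main__":
    for name, t in [("plain", PLAIN), ("tls", TLS), ("auth ok", AUTH_OK),
                    ("auth bad", AUTH_BAD), ("greeting only", GREETING)]:
        print(f"{name:14} -> {classify_session(t)}")
```

The verdict depends on the server's reply as well as the client's command, so a rejected AUTH followed by MAIL FROM is still shunted.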