Date: Thu, 24 Feb 2005 16:08:42 -0500 From: Nils Ketelsen <nils.ketelsen@kuehne-nagel.com> To: nanog@merit.edu Subject: Re: Why do so few mail providers support Port 587?
On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote: [ ... ]
What can be done to encourage universities and other mail providers with large roaming user populations to support RFC2476/Port 587?
Give a good reason. That is still the missing part.
From a "security" stance (well - partly ;D) I always like to emphasize that in "The Real World" port 25 is for traffic between MTA's *and* submission of mails to the local MTA. So to reduce the chance of one of my users abusing an Open Relay and to enforce corporate e-mail policies, only port 25 towards our mailserver is open.
Port 587 on the other hand is meant for "submission" by clients. The security implications of allowing my users to contact such a port are very very low. If someone won't secure his mailserver on port 587, that's something different, but substantially different than if it were insecure on port 25... Now if you turn that around, you see why we opted to support SMTP Auth on port 587 and have left our legacy mailhub running on port 25 ;) I have users roaming around the world - on "company" business. And my users also entertain the same kind of roaming users. Now, if I want to have my users be able to connect to my mailserver on port 587 from anywhere in the world, I should also allow guests over here to do the same to their mailserver on port 587. It works both ways after all ;)
Nils
Kind regards, JP Velders