On Wed, 3 Sep 2008, Keith Medcalf wrote:
> Why would the requirements for authentication be different depending on the port used to connect to the MTA?

It's easier to configure the MTA if you make a distinction between server-to-server traffic and client-to-server traffic. In fact my systems distinguish three classes of traffic: MX, message submission, and smarthost.

The MX service has lots of anti-spam features. You want to separate it from the others so that techniques like teergrubing don't make message submission painfully slow. You can also avoid interoperability problems with server-to-server TLS. You can limit the number of connections used by the MX service so that when it is being hammered by spammers, you can reserve some capacity so that message submission and outgoing relay still work.

Having a message submission service that always requires TLS and authentication makes it easier for users to check their configuration. A mistake such as not turning on AUTH can be hidden when they test on their home network, only to be discovered later when they are roaming far from tech support.

Separating your smarthost (outgoing relay service) from your MX can avoid some strange problems. Back in the dim and distant past before remote AUTHed message submission and before separate MX and smarthost, our roaming users who failed to change their smarthost setting would have working email when contacting colleagues but not anyone else, with a mysterious "relaying is not permitted" error instead of something clear and helpful. There's also some advantage to making it harder for spammers to work out the name of your smarthost: we once (years ago) had a problem with an open web proxy that spammers used as the first half of a two-stage open relay, the second half of which was the MX of the proxy's parent domain.

We separate these functions by having separate names and IP addresses for each one. They are all just facets of the same MTA, so we don't have to maintain lots of different configurations.

Tony.
-- 
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
LUNDY FASTNET IRISH SEA: WESTERLY OR SOUTHWESTERLY 4 OR 5, BECOMING CYCLONIC
OR NORTHEASTERLY 5 TO 7, PERHAPS GALE 8 LATER. ROUGH OR VERY ROUGH. RAIN OR
SHOWERS. MODERATE OR GOOD, OCCASIONALLY POOR.
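
An added example, not part of the original message: one way to check that a message submission service "always requires TLS and authentication" is to audit a recorded SMTP session for it. The transcripts, host names and the function names `exchanges` and `audit_submission` are constructed for illustration and do not come from the post or from any particular MTA.

```python
import re
# Constructed session against a hypothetical submission service that enforces TLS and AUTH.
GOOD = """\
S: 220 submit.example.org ESMTP
C: EHLO laptop.example.net
S: 250-submit.example.org
S: 250 STARTTLS
C: MAIL FROM:<user@example.org>
S: 530 5.7.0 Must issue a STARTTLS command first
C: STARTTLS
S: 220 Ready to start TLS
C: EHLO laptop.example.net
S: 250-submit.example.org
S: 250 AUTH PLAIN LOGIN
C: MAIL FROM:<user@example.org>
S: 530 5.7.0 Authentication required
"""
# Constructed misconfiguration: AUTH offered in cleartext, MAIL accepted unauthenticated.
BAD = (GOOD.replace("S: 250 STARTTLS", "S: 250-STARTTLS\nS: 250 AUTH PLAIN LOGIN")
           .replace("S: 530 5.7.0 Must issue a STARTTLS command first", "S: 250 OK"))

def exchanges(transcript):
    """Yield (verb, code, reply_texts) for each client command and its full reply."""
    verb, texts = None, []
    for line in transcript.splitlines():
        if line.startswith("C: "):
            verb, texts = line[3:].split()[0].upper(), []
        elif (m := re.match(r"S: (\d{3})([- ])(.*)", line)) and verb:
            texts.append(m.group(3))
            if m.group(2) == " ":  # a space after the code marks the final reply line
                yield verb, int(m.group(1)), texts

def audit_submission(transcript):
    """Return findings where the service fails to require TLS and AUTH."""
    tls, authed, findings = False, False, []
    for verb, code, texts in exchanges(transcript):
        if verb == "EHLO":
            # First reply line is the server's greeting; the rest are extension keywords.
            offered = {t.split()[0].upper() for t in texts[1:] if t}
            if not tls and "STARTTLS" not in offered:
                findings.append("STARTTLS not offered")
            if not tls and "AUTH" in offered:
                findings.append("AUTH offered before TLS")
        elif verb == "STARTTLS" and code == 220:
            tls = True
        elif verb == "AUTH" and code == 235:
            authed = True
        elif verb == "MAIL" and not authed and 200 <= code < 300:
            findings.append("MAIL accepted without " + ("AUTH" if tls else "TLS and AUTH"))
    return findings
```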