On 2/15/05 9:36 PM, "Thor Lancelot Simon" <tls@NetBSD.org> wrote:
On Wed, Feb 16, 2005 at 02:23:04AM +0000, Adrian Chadd wrote:
Quite useful when it works (read: the other party has implemented AUTH-SMTP on port 587).
And if they've implemented unauthenticated SMTP on port 587, like, say, Sendmail, you've achieved nothing, or possibly worse, since you have encouraged people to simply run open relays on a different port than 25. How long do you think it's going to take for spammers to take advantage of this? (That's a rhetorical question: I already see spam engines trying to open port 587 connections in traces).
Slavishly changing ports isn't the solution. Actually using authentication is the solution. It is silly -- to say the least -- to confuse the benefits of the two.
Thor
Thor, I don't think anyone is confusing the benefits. Sean's suggestion was quite clear. Run SMTP-Auth on port 587 and leave port 25 for email from other mail servers. There are lots of benefits to this approach. For one thing, it eliminates a lot of the "reasons" for provider email smarthosting, which needs to go away due to massive abuse. Sender email authentication will make smarthosting obsolete and users will need a different way of sending outgoing mail that isn't spam to their own mail servers for legitimate relay. ISPs filter port 25 outbound, but leave 587 open with the idea that users would have to authenticate against distant mail servers on that port. Everything works well. 587 running SMTP auth (and relaying for authenticated users) and port 25 for local (non relay) delivery without authentication should be the default on all servers.
--
Daniel Golding
Network and Telecommunications Strategies
Burton Group
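
Added example, not part of the original thread: a small Python check that reads a recorded SMTP test session against your own server and flags the two conditions discussed above, a listener that relays to non-local recipients without AUTH and a port 587 listener that does not offer AUTH. The function name `audit`, the `LOCAL_DOMAINS` set and both transcripts are constructed assumptions for illustration.

```python
import re

LOCAL_DOMAINS = {"example.org"}  # assumption: domains this server delivers locally

def audit(port, transcript, local_domains=LOCAL_DOMAINS):
    """Findings for one recorded test session ('C: ' client, 'S: ' server lines)."""
    findings, authed, auth_offered, last_cmd = [], False, False, ""
    for line in transcript.strip().splitlines():
        side, _, text = line.strip().partition(": ")
        if side == "C":
            last_cmd = text
            continue
        if re.match(r"250[ -]AUTH\b", text, re.I):
            auth_offered = True          # EHLO reply lists the AUTH extension
        code, verb = text[:3], last_cmd.split(" ", 1)[0].upper()
        if verb == "AUTH" and code == "235":
            authed = True                # 235 = authentication succeeded
        if verb == "RCPT" and code.startswith("25") and not authed:
            m = re.search(r"@([^>\s]+)", last_cmd)
            domain = m.group(1).lower() if m else "?"
            if domain not in local_domains:
                findings.append(f"port {port}: relays to {domain} without AUTH")
    if port == 587 and not auth_offered:
        findings.append("port 587: AUTH not advertised")
    return findings

# Constructed transcripts (not captured traffic).
OPEN_587 = """
C: EHLO client.example.net
S: 250-mail.example.org
S: 250 SIZE 10240000
C: MAIL FROM:<a@example.net>
S: 250 2.1.0 Ok
C: RCPT TO:<b@example.com>
S: 250 2.1.5 Ok
"""
AUTH_587 = """
C: EHLO client.example.net
S: 250-mail.example.org
S: 250 AUTH PLAIN LOGIN
C: MAIL FROM:<a@example.net>
S: 530 5.7.0 Authentication required
"""

if __name__ == "__main__":
    for name, t in (("OPEN_587", OPEN_587), ("AUTH_587", AUTH_587)):
        print(name, audit(587, t) or "ok")
```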