15 Feb
2005
15 Feb
'05
9:36 p.m.
On Wed, Feb 16, 2005 at 02:23:04AM +0000, Adrian Chadd wrote:
Quite useful when it works (read: the other party has implemented AUTH-SMTP on port 587).
And if they's implemented unauthenticated SMTP on port 587, like, say, Sendmail, you've achieved nothing, or possibly worse, since you have encouraged people to simply run open relays on a different port than 25. How long do you think it's going to take for spammers to take advantage of this? (That's a rhetorical question: I already see spam engines trying to open port 587 connections in traces). Slavishly changing ports isn't the solution. Actually using authentication is the solution. It is silly -- to say the least -- to confuse the benefits of the two. Thor