On Fri, 25 Feb 2005 11:17:35 -0500, andrew2@one.net <andrew2@one.net> wrote:
That's being a bit disingenuous. The discussion here hasn't been to open up port 587 to relay for all comers, but rather to open it up for authenticated use only. If spammers start using it, then it's a result of either poor authentication security or an understaffed abuse department. I'll agree with you on one thing, though -- the whole business of port 587 is a bit silly overall...why can't the same authentication schemes being bandied about for 587 be applied to 25, thus negating the need for another port just for mail injection?
Port 587 is intended for authenticated mail relaying only. While you can set up authenticated relaying only on port 25, you still have to deal with spammers sending mail directly to your users on port 25. Blocking port 25 outbound from dynamic ips (dialups, dsl, cable, etc) helps a little bit .. But then you need an alternate port for relaying. I think using port 587 for authorized relaying and port 25 for normal smtp services works out well. I can't think of a valid reason to ever block port 587, and I can't see how spammers will use port 587 for spamming, unless they have a username/password for relaying..
Andrew
-- Jason 'XenoPhage' Frisvold XenoPhage0@gmail.com