Re: SMTP authentication for broadband providers
In article <cistron.20040212023825.GA77062@metron.com>, Lou Katz <lou@metron.com> wrote:
On Wed, Feb 11, 2004 at 03:13:30PM -0500, Sean Donelan wrote:
On Wed, 11 Feb 2004 Valdis.Kletnieks@vt.edu wrote:
On Wed, 11 Feb 2004 11:15:20 PST, Dave Crocker said:
what about port 25 blocking that is now done by many access providers? this makes it impossible for mobile users, coming from those providers, to access your server and do the auth.
Port 587.
So is it time for ISPs to start blocking port 587 too?
If the complaints are going back to the IP address anwyay, why shouldn't an ISP force it subscribers to go through the ISPs mail servers so it can control any messages sent by its subscribers?
Because, maybe, I don't think it is a good idea for someone else to CONTROL any messages I might send. Who will control the controllers?
As if they don't yet CONTROL the messages you receive ? Where, exactly, is your POP3/IMAP mailbox located ? Ah, you run your own mailserver for your own domain. So, you can use the submission port on your own mailserver, right ? Mike.
On Thu, Feb 12, 2004 at 08:48:06PM +0000, Miquel van Smoorenburg wrote:
In article <cistron.20040212023825.GA77062@metron.com>, Lou Katz <lou@metron.com> wrote:
On Wed, Feb 11, 2004 at 03:13:30PM -0500, Sean Donelan wrote:
On Wed, 11 Feb 2004 Valdis.Kletnieks@vt.edu wrote:
On Wed, 11 Feb 2004 11:15:20 PST, Dave Crocker said:
what about port 25 blocking that is now done by many access providers? this makes it impossible for mobile users, coming from those providers, to access your server and do the auth.
Port 587.
So is it time for ISPs to start blocking port 587 too?
If the complaints are going back to the IP address anwyay, why shouldn't an ISP force it subscribers to go through the ISPs mail servers so it can control any messages sent by its subscribers?
Because, maybe, I don't think it is a good idea for someone else to CONTROL any messages I might send. Who will control the controllers?
As if they don't yet CONTROL the messages you receive ? Where, exactly, is your POP3/IMAP mailbox located ? Ah, you run your own mailserver for your own domain. So, you can use the submission port on your own mailserver, right ?
Mike.
Correct, unless my ISP stops giving me full connectivity and starts blocking incoming (and outgoing) ports at whim. In my country, no large commercial entity, nor any government entity can be trusted, as has repeatedly been shown. I can locally submit to my mailserver, but if it tries to make an outbound connection on port 25 to a client's mailserver, and that is blocked, than all confidentiality of business or personal communication is gone. -- -=[L]=-
--On 12 February 2004 14:07 -0800 Lou Katz <lou@metron.com> wrote:
I can locally submit to my mailserver, but if it tries to make an outbound connection on port 25 to a client's mailserver, and that is blocked, than all confidentiality of business or personal communication is gone.
Since when was anything sent over port 25 confidential? Alex
On Thu, 12 Feb 2004 22:44:50 GMT, Alex Bligh said:
Since when was anything sent over port 25 confidential?
Since Phil Zimmerman decided to do something about it. And quite frankly, he was right - that's the only way to do it right. (I'm going to pretend that the S/MIME equivalents are in fact equivalent for the sake of the discussion, modulo tinfoil regarding getting a reliable and trusted cert chain put together).
--On 12 February 2004 18:13 -0500 Valdis.Kletnieks@vt.edu wrote:
Since when was anything sent over port 25 confidential?
Since Phil Zimmerman decided to do something about it.
Well if you are considering the plain-text of an encrypted mail, it doesn't much matter whether port 25 is intercepted by whatever governmental agency, or relayed through however many servers with questionable operators.
And quite frankly, he was right - that's the only way to do it right.
Oh I agree. My point to the original poster was that supposed security of port 25 communications was not a good reason to avoid using relays on the way. If you want security of you communications a good first step is PGP (et al.). (Note that this does still leak To:/From:/Subject: lines, but they be read via wire-tap just as they can be read via intercept at a relay). Alex
participants (4)
-
Alex Bligh
-
Lou Katz
-
Miquel van Smoorenburg
-
Valdis.Kletnieks@vt.edu