[78302] in North American Network Operators' Group
Re: Why do so few mail providers support Port 587?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Feb 28 17:14:26 2005
To: Nils Ketelsen <nils.ketelsen@kuehne-nagel.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Mon, 28 Feb 2005 16:54:23 EST."
<20050228165423.A25374@torzimon.ca.int.kn>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 28 Feb 2005 17:13:35 -0500
Errors-To: owner-nanog@merit.edu
On Mon, 28 Feb 2005 16:54:23 EST, Nils Ketelsen said:
> An interesting theory. What is the substantial difference? For
> me the security implications of "allowing the user to bypass our
> mailsystem on port 25" and "allowing the user to bypass our mailsystem on
> port 587" are not as obvious as they maybe are to you.
The big difference is that if they connect on outbound 25, they're basically
unauthenticated at the other end. Port 587 "should be" authenticated, which
means that the machine making the connection out is presumably a legitimate
user of the destination mail server.
If you're managing a corporate network, then yes, the distinction isn't
that obvious, as you're restricting your own users. If you're running an
ISP, you're being paid to *connect* people to other places, and making it
more difficult than necessary is.. well... a Randy Bush quote. ;)
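The distinction drawn in the message above, as an added example that is not part of the original post: a small audit that reads an SMTP session transcript and reports whether the listener advertised AUTH and whether it accepted MAIL FROM from a client that had not authenticated. The host names, transcripts and the audit_session helper are constructed for illustration.

```python
import re

# Constructed sample transcripts (C: client, S: server); not captured traffic.
PORT_25_SESSION = """\
S: 220 mx.example.net ESMTP
C: EHLO client.example.org
S: 250-mx.example.net
S: 250 SIZE 10485760
C: MAIL FROM:<user@example.org>
S: 250 2.1.0 Ok
"""

PORT_587_SESSION = """\
S: 220 submit.example.net ESMTP
C: EHLO client.example.org
S: 250-submit.example.net
S: 250-STARTTLS
S: 250 AUTH PLAIN LOGIN
C: MAIL FROM:<user@example.org>
S: 530 5.7.0 Authentication required
"""

def audit_session(transcript):
    """Summarise how a listener treated an SMTP client (hypothetical helper)."""
    offers_auth = authenticated = accepted_unauth_mail = False
    last_cmd = ""
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            # Remember the verb of the most recent client command.
            last_cmd = text.split()[0].upper() if text.split() else ""
            continue
        m = re.match(r"(\d{3})[ -]?(.*)", text)
        if not m:
            continue
        code, rest = m.groups()
        if last_cmd == "EHLO" and code == "250" and rest.upper().startswith("AUTH"):
            offers_auth = True            # AUTH listed among the EHLO extensions
        elif code == "235":
            authenticated = True          # 235 = authentication succeeded (RFC 4954)
        elif last_cmd == "MAIL" and code.startswith("2") and not authenticated:
            accepted_unauth_mail = True   # sender accepted with no prior AUTH
    return {"offers_auth": offers_auth,
            "accepted_unauth_mail": accepted_unauth_mail,
            "enforces_auth": offers_auth and not accepted_unauth_mail}

if __name__ == "__main__":
    for name, t in (("25", PORT_25_SESSION), ("587", PORT_587_SESSION)):
        print(name, audit_session(t))
```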