|
Author: roe
Date: 16-02-06 22:51
Unless I misread your article, you recommend to set up port 587 just like port 25, ie. no authentication is required to submit mail for local delivery.
This seems to be rather unwise. You're abusing the submission port for point to point mail transport, something it was not designed for. By doing so, you risk that ISPs will begin to block port 587 too, because it is being (ab)used for transport. The whole point of the submission port is the separation of transport and submission, which allows to block transport from end user address ranges without blocking submission.
I think you really should mandate SMTP AUTH on the submission port, even in such a point to point scenario.
|
|
Reply To This Message
|
|
Author: Dan
Date: 16-02-06 23:08
roe wrote:
> Unless I misread your article, you recommend to set up port 587
> just like port 25, ie. no authentication is required to submit
> mail for local delivery.
Correct.
> This seems to be rather unwise. You're abusing the submission
> port for point to point mail transport, something it was not
> designed for. By doing so, you risk that ISPs will begin to
> block port 587 too, because it is being (ab)used for transport.
> The whole point of the submission port is the separation of
> transport and submission, which allows to block transport from
> end user address ranges without blocking submission.
>
> I think you really should mandate SMTP AUTH on the submission
> port, even in such a point to point scenario.
Would restricting connections to port 587 suffice?
--
Webmaster
|
|
Reply To This Message
|
|
Author: roe
Date: 16-02-06 23:25
Dan wrote:
> roe wrote:
>
> > I think you really should mandate SMTP AUTH on the submission
> > port, even in such a point to point scenario.
>
> Would restricting connections to port 587 suffice?
Sure. But on second thought, since you'd technically still be using port 587 for (static, non-public) transport, I'd rather use some random high port instead.
|
|
Reply To This Message
|
|
