The FreeBSD Diary

The FreeBSD Diary (TM) Remember
I remember
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 Should mandate auth on submission port
Author: roe 
Date:   16-02-06 22:51

Unless I misread your article, you recommend to set up port 587 just like port 25, ie. no authentication is required to submit mail for local delivery.

This seems to be rather unwise. You're abusing the submission port for point to point mail transport, something it was not designed for. By doing so, you risk that ISPs will begin to block port 587 too, because it is being (ab)used for transport. The whole point of the submission port is the separation of transport and submission, which allows to block transport from end user address ranges without blocking submission.

I think you really should mandate SMTP AUTH on the submission port, even in such a point to point scenario.



Reply To This Message
 
 Re: Should mandate auth on submission port
Author: Dan 
Date:   16-02-06 23:08

roe wrote:

> Unless I misread your article, you recommend to set up port 587
> just like port 25, ie. no authentication is required to submit
> mail for local delivery.

Correct.

> This seems to be rather unwise. You're abusing the submission
> port for point to point mail transport, something it was not
> designed for. By doing so, you risk that ISPs will begin to
> block port 587 too, because it is being (ab)used for transport.
> The whole point of the submission port is the separation of
> transport and submission, which allows to block transport from
> end user address ranges without blocking submission.
>
> I think you really should mandate SMTP AUTH on the submission
> port, even in such a point to point scenario.

Would restricting connections to port 587 suffice?

--
Webmaster

Reply To This Message
 
 Re: Should mandate auth on submission port
Author: roe 
Date:   16-02-06 23:25

Dan wrote:

> roe wrote:
>
> > I think you really should mandate SMTP AUTH on the submission
> > port, even in such a point to point scenario.
>
> Would restricting connections to port 587 suffice?

Sure. But on second thought, since you'd technically still be using port 587 for (static, non-public) transport, I'd rather use some random high port instead.

Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org